Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-58181 (GCVE-0-2025-58181)
Vulnerability from cvelistv5 – Published: 2025-11-19 20:33 – Updated: 2025-11-20 17:14| Vendor | Product | Version | |
|---|---|---|---|
| golang.org/x/crypto | golang.org/x/crypto/ssh |
Affected:
0 , < 0.45.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-58181",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T20:49:06.918113Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T20:49:26.800Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "golang.org/x/crypto/ssh",
"product": "golang.org/x/crypto/ssh",
"programRoutines": [
{
"name": "parseGSSAPIPayload"
},
{
"name": "NewServerConn"
}
],
"vendor": "golang.org/x/crypto",
"versions": [
{
"lessThan": "0.45.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jakub Ciolek"
}
],
"descriptions": [
{
"lang": "en",
"value": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1284",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-20T17:14:59.856Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"url": "https://go.dev/cl/721961"
},
{
"url": "https://go.dev/issue/76363"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"title": "Unbounded memory consumption in golang.org/x/crypto/ssh"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-58181",
"datePublished": "2025-11-19T20:33:42.795Z",
"dateReserved": "2025-08-27T14:50:58.691Z",
"dateUpdated": "2025-11-20T17:14:59.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-58181",
"date": "2026-06-30",
"epss": "0.00521",
"percentile": "0.40261"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58181\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-11-19T21:15:50.850\",\"lastModified\":\"2026-06-17T09:44:01.527\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.\"}],\"affected\":[{\"source\":\"security@golang.org\",\"affectedData\":[{\"vendor\":\"golang.org/x/crypto\",\"product\":\"golang.org/x/crypto/ssh\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://pkg.go.dev\",\"packageName\":\"golang.org/x/crypto/ssh\",\"programRoutines\":[{\"name\":\"parseGSSAPIPayload\"},{\"name\":\"NewServerConn\"}],\"versions\":[{\"version\":\"0\",\"lessThan\":\"0.45.0\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-11-19T20:49:06.918113Z\",\"id\":\"CVE-2025-58181\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*\",\"versionEndExcluding\":\"0.45.0\",\"matchCriteriaId\":\"0DB7D01D-5361-40FC-83A9-91A601A0321D\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/721961\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/76363\",\"source\":\"security@golang.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-4134\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58181\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-19T20:49:06.918113Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-19T20:48:46.369Z\"}}], \"cna\": {\"title\": \"Unbounded memory consumption in golang.org/x/crypto/ssh\", \"credits\": [{\"lang\": \"en\", \"value\": \"Jakub Ciolek\"}], \"affected\": [{\"vendor\": \"golang.org/x/crypto\", \"product\": \"golang.org/x/crypto/ssh\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"0.45.0\", \"versionType\": \"semver\"}], \"packageName\": \"golang.org/x/crypto/ssh\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"parseGSSAPIPayload\"}, {\"name\": \"NewServerConn\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA\"}, {\"url\": \"https://go.dev/cl/721961\"}, {\"url\": \"https://go.dev/issue/76363\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-4134\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-1284\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-11-20T17:14:59.856Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58181\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-20T17:14:59.856Z\", \"dateReserved\": \"2025-08-27T14:50:58.691Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-11-19T20:33:42.795Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:11126-1
Vulnerability from csaf_opensuse - Published: 2026-06-25 00:00 - Updated: 2026-06-25 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the velociraptor-0.7.0.4.git185.a5708584-2.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-11126",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_11126-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-45288 page",
"url": "https://www.suse.com/security/cve/CVE-2023-45288/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45339 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45339/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-13465 page",
"url": "https://www.suse.com/security/cve/CVE-2025-13465/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22868 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-24358 page",
"url": "https://www.suse.com/security/cve/CVE-2025-24358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58058 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58058/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-5889 page",
"url": "https://www.suse.com/security/cve/CVE-2025-5889/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-64718 page",
"url": "https://www.suse.com/security/cve/CVE-2025-64718/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6545 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6545/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-6547 page",
"url": "https://www.suse.com/security/cve/CVE-2025-6547/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-7783 page",
"url": "https://www.suse.com/security/cve/CVE-2025-7783/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-1229 page",
"url": "https://www.suse.com/security/cve/CVE-2026-1229/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25128 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25680 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25680/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-26996 page",
"url": "https://www.suse.com/security/cve/CVE-2026-26996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-2739 page",
"url": "https://www.suse.com/security/cve/CVE-2026-2739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-27904 page",
"url": "https://www.suse.com/security/cve/CVE-2026-27904/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33036 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33036/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33186 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33186/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33487 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33487/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-33814 page",
"url": "https://www.suse.com/security/cve/CVE-2026-33814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-34986 page",
"url": "https://www.suse.com/security/cve/CVE-2026-34986/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39821 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39821/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39827 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39827/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39828 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39828/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39829 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39829/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39830 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39830/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39831 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39832 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39832/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39833 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39833/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39834 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39834/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-39835 page",
"url": "https://www.suse.com/security/cve/CVE-2026-39835/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42039 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42039/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42502 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42506 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42506/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-42508 page",
"url": "https://www.suse.com/security/cve/CVE-2026-42508/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46598/"
}
],
"title": "velociraptor-0.7.0.4.git185.a5708584-2.1 on GA media",
"tracking": {
"current_release_date": "2026-06-25T00:00:00Z",
"generator": {
"date": "2026-06-25T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:11126-1",
"initial_release_date": "2026-06-25T00:00:00Z",
"revision_history": [
{
"date": "2026-06-25T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"product": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"product_id": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
},
"product_reference": "velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-45288",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-45288"
}
],
"notes": [
{
"category": "general",
"text": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request\u0027s headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-45288",
"url": "https://www.suse.com/security/cve/CVE-2023-45288"
},
{
"category": "external",
"summary": "SUSE Bug 1221400 for CVE-2023-45288",
"url": "https://bugzilla.suse.com/1221400"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-45288"
},
{
"cve": "CVE-2024-45339",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45339"
}
],
"notes": [
{
"category": "general",
"text": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process\u0027s log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45339",
"url": "https://www.suse.com/security/cve/CVE-2024-45339"
},
{
"category": "external",
"summary": "SUSE Bug 1236541 for CVE-2024-45339",
"url": "https://bugzilla.suse.com/1236541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-45339"
},
{
"cve": "CVE-2025-13465",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-13465"
}
],
"notes": [
{
"category": "general",
"text": "Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the _.unset and _.omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes.\n\nThe issue permits deletion of properties but does not allow overwriting their original behavior.\n\nThis issue is patched on 4.17.23",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-13465",
"url": "https://www.suse.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "SUSE Bug 1257321 for CVE-2025-13465",
"url": "https://bugzilla.suse.com/1257321"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-13465"
},
{
"cve": "CVE-2025-22868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22868"
}
],
"notes": [
{
"category": "general",
"text": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22868",
"url": "https://www.suse.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "SUSE Bug 1239185 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239185"
},
{
"category": "external",
"summary": "SUSE Bug 1239186 for CVE-2025-22868",
"url": "https://bugzilla.suse.com/1239186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22868"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
},
{
"category": "external",
"summary": "SUSE Bug 1265255 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265255"
},
{
"category": "external",
"summary": "SUSE Bug 1265256 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265256"
},
{
"category": "external",
"summary": "SUSE Bug 1265259 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1265259"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-24358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-24358"
}
],
"notes": [
{
"category": "general",
"text": "gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications \u0026 services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for \"server\" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-24358",
"url": "https://www.suse.com/security/cve/CVE-2025-24358"
},
{
"category": "external",
"summary": "SUSE Bug 1241233 for CVE-2025-24358",
"url": "https://bugzilla.suse.com/1241233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-24358"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-58058",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58058"
}
],
"notes": [
{
"category": "general",
"text": "xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn\u0027t include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58058",
"url": "https://www.suse.com/security/cve/CVE-2025-58058"
},
{
"category": "external",
"summary": "SUSE Bug 1248889 for CVE-2025-58058",
"url": "https://bugzilla.suse.com/1248889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58058"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
},
{
"cve": "CVE-2025-5889",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-5889"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in juliangruber brace-expansion up to 1.1.11/2.0.1/3.0.0/4.0.0. It has been rated as problematic. Affected by this issue is the function expand of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.12, 2.0.2, 3.0.1 and 4.0.1 is able to address this issue. The name of the patch is a5b98a4f30d7813266b221435e1eaaf25a1b0ac5. It is recommended to upgrade the affected component.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-5889",
"url": "https://www.suse.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "SUSE Bug 1244340 for CVE-2025-5889",
"url": "https://bugzilla.suse.com/1244340"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-5889"
},
{
"cve": "CVE-2025-64718",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-64718"
}
],
"notes": [
{
"category": "general",
"text": "js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-64718",
"url": "https://www.suse.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "SUSE Bug 1255407 for CVE-2025-64718",
"url": "https://bugzilla.suse.com/1255407"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-6545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6545"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js.\n\nThis issue affects pbkdf2: from 3.0.10 through 3.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6545",
"url": "https://www.suse.com/security/cve/CVE-2025-6545"
},
{
"category": "external",
"summary": "SUSE Bug 1245273 for CVE-2025-6545",
"url": "https://bugzilla.suse.com/1245273"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6545"
},
{
"cve": "CVE-2025-6547",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-6547"
}
],
"notes": [
{
"category": "general",
"text": "Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: \u003c=3.1.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-6547",
"url": "https://www.suse.com/security/cve/CVE-2025-6547"
},
{
"category": "external",
"summary": "SUSE Bug 1245271 for CVE-2025-6547",
"url": "https://bugzilla.suse.com/1245271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-6547"
},
{
"cve": "CVE-2025-7783",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-7783"
}
],
"notes": [
{
"category": "general",
"text": "Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js.\n\nThis issue affects form-data: \u003c 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-7783",
"url": "https://www.suse.com/security/cve/CVE-2025-7783"
},
{
"category": "external",
"summary": "SUSE Bug 1246810 for CVE-2025-7783",
"url": "https://bugzilla.suse.com/1246810"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-7783"
},
{
"cve": "CVE-2026-1229",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-1229"
}
],
"notes": [
{
"category": "general",
"text": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in v1.6.3 https://github.com/cloudflare/circl/releases/tag/v1.6.3 .",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-1229",
"url": "https://www.suse.com/security/cve/CVE-2026-1229"
},
{
"category": "external",
"summary": "SUSE Bug 1265416 for CVE-2026-1229",
"url": "https://bugzilla.suse.com/1265416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-1229"
},
{
"cve": "CVE-2026-25128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25128"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 5.0.9 through 5.3.3, a RangeError vulnerability exists in the numeric entity processing of fast-xml-parser when parsing XML with out-of-range entity code points (e.g., `\u0026#9999999;` or `\u0026#xFFFFFF;`). This causes the parser to throw an uncaught exception, crashing any application that processes untrusted XML input. Version 5.3.4 fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25128",
"url": "https://www.suse.com/security/cve/CVE-2026-25128"
},
{
"category": "external",
"summary": "SUSE Bug 1257518 for CVE-2026-25128",
"url": "https://bugzilla.suse.com/1257518"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25128"
},
{
"cve": "CVE-2026-25680",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25680"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25680",
"url": "https://www.suse.com/security/cve/CVE-2026-25680"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25680",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25680"
},
{
"cve": "CVE-2026-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25681"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25681",
"url": "https://www.suse.com/security/cve/CVE-2026-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-25681",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25681"
},
{
"cve": "CVE-2026-26278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26278"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. In versions 4.1.3 through 5.3.5, the XML parser can be forced to do an unlimited amount of entity expansion. With a very small XML input, it\u0027s possible to make the parser spend seconds or even minutes processing a single request, effectively freezing the application. Version 5.3.6 fixes the issue. As a workaround, avoid using DOCTYPE parsing by `processEntities: false` option.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26278",
"url": "https://www.suse.com/security/cve/CVE-2026-26278"
},
{
"category": "external",
"summary": "SUSE Bug 1258547 for CVE-2026-26278",
"url": "https://bugzilla.suse.com/1258547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26278"
},
{
"cve": "CVE-2026-26996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-26996"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn\u0027t appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8\u0027s regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-26996",
"url": "https://www.suse.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "SUSE Bug 1258621 for CVE-2026-26996",
"url": "https://bugzilla.suse.com/1258621"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-26996"
},
{
"cve": "CVE-2026-27136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27136"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27136",
"url": "https://www.suse.com/security/cve/CVE-2026-27136"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-27136",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27136"
},
{
"cve": "CVE-2026-2739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-2739"
}
],
"notes": [
{
"category": "general",
"text": "This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-2739",
"url": "https://www.suse.com/security/cve/CVE-2026-2739"
},
{
"category": "external",
"summary": "SUSE Bug 1258647 for CVE-2026-2739",
"url": "https://bugzilla.suse.com/1258647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-2739"
},
{
"cve": "CVE-2026-27606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27606"
}
],
"notes": [
{
"category": "general",
"text": "Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27606",
"url": "https://www.suse.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "SUSE Bug 1258846 for CVE-2026-27606",
"url": "https://bugzilla.suse.com/1258846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27606"
},
{
"cve": "CVE-2026-27904",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-27904"
}
],
"notes": [
{
"category": "general",
"text": "minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Prior to version 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4, nested `*()` extglobs produce regexps with nested unbounded quantifiers (e.g. `(?:(?:a|b)*)*`), which exhibit catastrophic backtracking in V8. With a 12-byte pattern `*(*(*(a|b)))` and an 18-byte non-matching input, `minimatch()` stalls for over 7 seconds. Adding a single nesting level or a few input characters pushes this to minutes. This is the most severe finding: it is triggered by the default `minimatch()` API with no special options, and the minimum viable pattern is only 12 bytes. The same issue affects `+()` extglobs equally. Versions 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 fix the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-27904",
"url": "https://www.suse.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "SUSE Bug 1258994 for CVE-2026-27904",
"url": "https://bugzilla.suse.com/1258994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-27904"
},
{
"cve": "CVE-2026-33036",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33036"
}
],
"notes": [
{
"category": "general",
"text": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (\u0026#NNN;, \u0026#xHH;) and standard XML entities completely evade the entity expansion limits (e.g., maxTotalExpansions, maxExpandedLength) added to fix CVE-2026-26278, enabling XML entity expansion Denial of Service. The root cause is that replaceEntitiesValue() in OrderedObjParser.js only enforces expansion counting on DOCTYPE-defined entities while the lastEntities loop handling numeric/standard entities performs no counting at all. An attacker supplying 1M numeric entity references like \u0026#65; can force ~147MB of memory allocation and heavy CPU usage, potentially crashing the process-even when developers have configured strict limits. This issue has been fixed in version 5.5.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33036",
"url": "https://www.suse.com/security/cve/CVE-2026-33036"
},
{
"category": "external",
"summary": "SUSE Bug 1259974 for CVE-2026-33036",
"url": "https://bugzilla.suse.com/1259974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33036"
},
{
"cve": "CVE-2026-33186",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33186"
}
],
"notes": [
{
"category": "general",
"text": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33186",
"url": "https://www.suse.com/security/cve/CVE-2026-33186"
},
{
"category": "external",
"summary": "SUSE Bug 1260085 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1260085"
},
{
"category": "external",
"summary": "SUSE Bug 1268676 for CVE-2026-33186",
"url": "https://bugzilla.suse.com/1268676"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33186"
},
{
"cve": "CVE-2026-33487",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33487"
}
],
"notes": [
{
"category": "general",
"text": "goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one that matches the signed element\u0027s ID. In Go versions before 1.22, or when `go.mod` uses an older version, there is a loop variable capture issue. The code takes the address of the loop variable `_ref` instead of its value. As a result, if more than one reference matches the ID or if the loop logic is incorrect, the `ref` pointer will always end up pointing to the last element in the `SignedInfo.References` slice after the loop. goxmlsig version 1.6.0 contains a patch.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33487",
"url": "https://www.suse.com/security/cve/CVE-2026-33487"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33487"
},
{
"cve": "CVE-2026-33814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-33814"
}
],
"notes": [
{
"category": "general",
"text": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-33814",
"url": "https://www.suse.com/security/cve/CVE-2026-33814"
},
{
"category": "external",
"summary": "SUSE Bug 1264506 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1264506"
},
{
"category": "external",
"summary": "SUSE Bug 1268758 for CVE-2026-33814",
"url": "https://bugzilla.suse.com/1268758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-33814"
},
{
"cve": "CVE-2026-34986",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-34986"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-34986",
"url": "https://www.suse.com/security/cve/CVE-2026-34986"
},
{
"category": "external",
"summary": "SUSE Bug 1262805 for CVE-2026-34986",
"url": "https://bugzilla.suse.com/1262805"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-34986"
},
{
"cve": "CVE-2026-39821",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39821"
}
],
"notes": [
{
"category": "general",
"text": "The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode(\"xn--example-.com\") incorrectly returns the name \"example.com\" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject \"example.com\" but permit \"xn--example-.com\". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name \"example.com\".",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39821",
"url": "https://www.suse.com/security/cve/CVE-2026-39821"
},
{
"category": "external",
"summary": "SUSE Bug 1266474 for CVE-2026-39821",
"url": "https://bugzilla.suse.com/1266474"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39821"
},
{
"cve": "CVE-2026-39827",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39827"
}
],
"notes": [
{
"category": "general",
"text": "An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection\u0027s internal state and released for garbage collection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39827",
"url": "https://www.suse.com/security/cve/CVE-2026-39827"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39827",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39827"
},
{
"cve": "CVE-2026-39828",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39828"
}
],
"notes": [
{
"category": "general",
"text": "When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39828",
"url": "https://www.suse.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39828",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39828"
},
{
"cve": "CVE-2026-39829",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39829"
}
],
"notes": [
{
"category": "general",
"text": "The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39829",
"url": "https://www.suse.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39829",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39829"
},
{
"cve": "CVE-2026-39830",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39830"
}
],
"notes": [
{
"category": "general",
"text": "A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection\u0027s read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39830",
"url": "https://www.suse.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39830",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39830"
},
{
"cve": "CVE-2026-39831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39831"
}
],
"notes": [
{
"category": "general",
"text": "The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a \"no-touch-required\" extension in Permissions.Extensions from PublicKeyCallback.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39831",
"url": "https://www.suse.com/security/cve/CVE-2026-39831"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39831",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39831"
},
{
"cve": "CVE-2026-39832",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39832"
}
],
"notes": [
{
"category": "general",
"text": "When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39832",
"url": "https://www.suse.com/security/cve/CVE-2026-39832"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39832",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39832"
},
{
"cve": "CVE-2026-39833",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39833"
}
],
"notes": [
{
"category": "general",
"text": "The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39833",
"url": "https://www.suse.com/security/cve/CVE-2026-39833"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39833",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39833"
},
{
"cve": "CVE-2026-39834",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39834"
}
],
"notes": [
{
"category": "general",
"text": "When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39834",
"url": "https://www.suse.com/security/cve/CVE-2026-39834"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39834",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39834"
},
{
"cve": "CVE-2026-39835",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-39835"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-39835",
"url": "https://www.suse.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-39835",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-39835"
},
{
"cve": "CVE-2026-42039",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42039"
}
],
"notes": [
{
"category": "general",
"text": "Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42039",
"url": "https://www.suse.com/security/cve/CVE-2026-42039"
},
{
"category": "external",
"summary": "SUSE Bug 1267406 for CVE-2026-42039",
"url": "https://bugzilla.suse.com/1267406"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42039"
},
{
"cve": "CVE-2026-42502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42502"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42502",
"url": "https://www.suse.com/security/cve/CVE-2026-42502"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42502",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42502"
},
{
"cve": "CVE-2026-42506",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42506"
}
],
"notes": [
{
"category": "general",
"text": "Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42506",
"url": "https://www.suse.com/security/cve/CVE-2026-42506"
},
{
"category": "external",
"summary": "SUSE Bug 1267044 for CVE-2026-42506",
"url": "https://bugzilla.suse.com/1267044"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42506"
},
{
"cve": "CVE-2026-42508",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-42508"
}
],
"notes": [
{
"category": "general",
"text": "Previously, a revoked \u0027SignatureKey\u0027 belonging to a CA was not correctly checked for revocation. Now, both the \u0027key\u0027 and \u0027key.SignatureKey\u0027 are checked for @revoked.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-42508",
"url": "https://www.suse.com/security/cve/CVE-2026-42508"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-42508",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-42508"
},
{
"cve": "CVE-2026-46595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46595"
}
],
"notes": [
{
"category": "general",
"text": "Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46595",
"url": "https://www.suse.com/security/cve/CVE-2026-46595"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46595",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46595"
},
{
"cve": "CVE-2026-46597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46597"
}
],
"notes": [
{
"category": "general",
"text": "An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46597",
"url": "https://www.suse.com/security/cve/CVE-2026-46597"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46597",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46597"
},
{
"cve": "CVE-2026-46598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46598"
}
],
"notes": [
{
"category": "general",
"text": "For certain crafted inputs, a \u0027ed25519.PrivateKey\u0027 was created by casting malformed wire bytes, leading to a panic when used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46598",
"url": "https://www.suse.com/security/cve/CVE-2026-46598"
},
{
"category": "external",
"summary": "SUSE Bug 1266049 for CVE-2026-46598",
"url": "https://bugzilla.suse.com/1266049"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.aarch64",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.ppc64le",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.s390x",
"openSUSE Tumbleweed:velociraptor-0.7.0.4.git185.a5708584-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-46598"
}
]
}
OPENSUSE-SU-2026:20132-1
Vulnerability from csaf_opensuse - Published: 2026-01-29 15:32 - Updated: 2026-01-29 15:32| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for elemental-register, elemental-toolkit",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for elemental-register, elemental-toolkit fixes the following issues:\n\nelemental-register was updated to 1.8.1:\n\nChanges on top of v1.8.1:\n\n * Update headers to 2026\n * Update questions to include SL Micro 6.2\n\nUpdate to v1.8.1:\n\n * Install yip config files in before-install step\n * Bump github.com/rancher-sandbox/go-tpm and its dependencies\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n\nelemental-toolkit was updated to v2.3.2:\n\n * Bump golang.org/x/crypto library\n This includes few CVE fixes:\n * bsc#1241826 (CVE-2025-22872)\n * bsc#1241857 (CVE-2025-22872)\n * bsc#1251511 (CVE-2025-47911)\n * bsc#1251679 (CVE-2025-58190)\n * bsc#1253581 (CVE-2025-47913)\n * bsc#1253901 (CVE-2025-58181)\n * bsc#1254079 (CVE-2025-47914)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-217",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20132-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1241826",
"url": "https://bugzilla.suse.com/1241826"
},
{
"category": "self",
"summary": "SUSE Bug 1241857",
"url": "https://bugzilla.suse.com/1241857"
},
{
"category": "self",
"summary": "SUSE Bug 1251511",
"url": "https://bugzilla.suse.com/1251511"
},
{
"category": "self",
"summary": "SUSE Bug 1251679",
"url": "https://bugzilla.suse.com/1251679"
},
{
"category": "self",
"summary": "SUSE Bug 1253581",
"url": "https://bugzilla.suse.com/1253581"
},
{
"category": "self",
"summary": "SUSE Bug 1253901",
"url": "https://bugzilla.suse.com/1253901"
},
{
"category": "self",
"summary": "SUSE Bug 1254079",
"url": "https://bugzilla.suse.com/1254079"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47911 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58190 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58190/"
}
],
"title": "Security update for elemental-register, elemental-toolkit",
"tracking": {
"current_release_date": "2026-01-29T15:32:26Z",
"generator": {
"date": "2026-01-29T15:32:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20132-1",
"initial_release_date": "2026-01-29T15:32:26Z",
"revision_history": [
{
"date": "2026-01-29T15:32:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-register-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64",
"product_id": "elemental-support-1.8.1-160000.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-register-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64",
"product_id": "elemental-support-1.8.1-160000.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"product_id": "elemental-toolkit-2.3.2-160000.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-register-1.8.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-register-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-support-1.8.1-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64"
},
"product_reference": "elemental-support-1.8.1-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "elemental-toolkit-2.3.2-160000.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
},
"product_reference": "elemental-toolkit-2.3.2-160000.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-47911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47911"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47911",
"url": "https://www.suse.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "SUSE Bug 1251308 for CVE-2025-47911",
"url": "https://bugzilla.suse.com/1251308"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47911"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-58190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58190"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58190",
"url": "https://www.suse.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "SUSE Bug 1251309 for CVE-2025-58190",
"url": "https://bugzilla.suse.com/1251309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-register-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-support-1.8.1-160000.1.1.x86_64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.aarch64",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.ppc64le",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.s390x",
"openSUSE Leap 16.0:elemental-toolkit-2.3.2-160000.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-29T15:32:26Z",
"details": "moderate"
}
],
"title": "CVE-2025-58190"
}
]
}
OPENSUSE-SU-2026:20249-1
Vulnerability from csaf_opensuse - Published: 2026-02-18 09:41 - Updated: 2026-02-18 09:41| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker fixes the following issues:\n\n- CVE-2025-58181: not validating the number of mechanisms can cause unlimited memory consumption (bsc#1253904).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-294",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20249-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1253904",
"url": "https://bugzilla.suse.com/1253904"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
}
],
"title": "Security update for docker",
"tracking": {
"current_release_date": "2026-02-18T09:41:33Z",
"generator": {
"date": "2026-02-18T09:41:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20249-1",
"initial_release_date": "2026-02-18T09:41:33Z",
"revision_history": [
{
"date": "2026-02-18T09:41:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-28.5.1_ce-160000.5.1.aarch64",
"product": {
"name": "docker-28.5.1_ce-160000.5.1.aarch64",
"product_id": "docker-28.5.1_ce-160000.5.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.29.0-160000.5.1.aarch64",
"product": {
"name": "docker-buildx-0.29.0-160000.5.1.aarch64",
"product_id": "docker-buildx-0.29.0-160000.5.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"product": {
"name": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"product_id": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"product": {
"name": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"product_id": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"product": {
"name": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"product_id": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch",
"product": {
"name": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch",
"product_id": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.5.1_ce-160000.5.1.ppc64le",
"product": {
"name": "docker-28.5.1_ce-160000.5.1.ppc64le",
"product_id": "docker-28.5.1_ce-160000.5.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.29.0-160000.5.1.ppc64le",
"product": {
"name": "docker-buildx-0.29.0-160000.5.1.ppc64le",
"product_id": "docker-buildx-0.29.0-160000.5.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.5.1_ce-160000.5.1.s390x",
"product": {
"name": "docker-28.5.1_ce-160000.5.1.s390x",
"product_id": "docker-28.5.1_ce-160000.5.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.29.0-160000.5.1.s390x",
"product": {
"name": "docker-buildx-0.29.0-160000.5.1.s390x",
"product_id": "docker-buildx-0.29.0-160000.5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-28.5.1_ce-160000.5.1.x86_64",
"product": {
"name": "docker-28.5.1_ce-160000.5.1.x86_64",
"product_id": "docker-28.5.1_ce-160000.5.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-buildx-0.29.0-160000.5.1.x86_64",
"product": {
"name": "docker-buildx-0.29.0-160000.5.1.x86_64",
"product_id": "docker-buildx-0.29.0-160000.5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.5.1_ce-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64"
},
"product_reference": "docker-28.5.1_ce-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.5.1_ce-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le"
},
"product_reference": "docker-28.5.1_ce-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.5.1_ce-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x"
},
"product_reference": "docker-28.5.1_ce-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-28.5.1_ce-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64"
},
"product_reference": "docker-28.5.1_ce-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch"
},
"product_reference": "docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.29.0-160000.5.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64"
},
"product_reference": "docker-buildx-0.29.0-160000.5.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.29.0-160000.5.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le"
},
"product_reference": "docker-buildx-0.29.0-160000.5.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.29.0-160000.5.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x"
},
"product_reference": "docker-buildx-0.29.0-160000.5.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-buildx-0.29.0-160000.5.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64"
},
"product_reference": "docker-buildx-0.29.0-160000.5.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch"
},
"product_reference": "docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch"
},
"product_reference": "docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
},
"product_reference": "docker-zsh-completion-28.5.1_ce-160000.5.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-28.5.1_ce-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-bash-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.aarch64",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.ppc64le",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.s390x",
"openSUSE Leap 16.0:docker-buildx-0.29.0-160000.5.1.x86_64",
"openSUSE Leap 16.0:docker-fish-completion-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-rootless-extras-28.5.1_ce-160000.5.1.noarch",
"openSUSE Leap 16.0:docker-zsh-completion-28.5.1_ce-160000.5.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-18T09:41:33Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
}
]
}
OPENSUSE-SU-2026:20366-1
Vulnerability from csaf_opensuse - Published: 2026-03-16 15:57 - Updated: 2026-03-16 15:57| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for docker-stable",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for docker-stable fixes the following issues:\n\n- CVE-2025-58181: Fixed unbounded memory consumption. (bsc#1253904)\n- CVE-2025-30204: Fixed a bug in jwt-go which allows excessive memory allocation during header parsing. (bsc#1240513)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-389",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_20366-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1240513",
"url": "https://bugzilla.suse.com/1240513"
},
{
"category": "self",
"summary": "SUSE Bug 1253904",
"url": "https://bugzilla.suse.com/1253904"
},
{
"category": "self",
"summary": "SUSE Bug 1254206",
"url": "https://bugzilla.suse.com/1254206"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-30204 page",
"url": "https://www.suse.com/security/cve/CVE-2025-30204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
}
],
"title": "Security update for docker-stable",
"tracking": {
"current_release_date": "2026-03-16T15:57:03Z",
"generator": {
"date": "2026-03-16T15:57:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:20366-1",
"initial_release_date": "2026-03-16T15:57:03Z",
"revision_history": [
{
"date": "2026-03-16T15:57:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.aarch64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch"
}
},
{
"category": "product_version",
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"product": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"product_id": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.s390x"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"product": {
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"product_id": "docker-stable-24.0.9_ce-160000.4.1.x86_64"
}
},
{
"category": "product_version",
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"product": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"product_id": "docker-stable-buildx-0.25.0-160000.4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-24.0.9_ce-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64"
},
"product_reference": "docker-stable-24.0.9_ce-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.s390x as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.s390x",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-buildx-0.25.0-160000.4.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64"
},
"product_reference": "docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
},
"product_reference": "docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-30204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-30204"
}
],
"notes": [
{
"category": "general",
"text": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-30204",
"url": "https://www.suse.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "SUSE Bug 1240441 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240441"
},
{
"category": "external",
"summary": "SUSE Bug 1240442 for CVE-2025-30204",
"url": "https://bugzilla.suse.com/1240442"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:57:03Z",
"details": "important"
}
],
"title": "CVE-2025-30204"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-24.0.9_ce-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-bash-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.aarch64",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.ppc64le",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.s390x",
"openSUSE Leap 16.0:docker-stable-buildx-0.25.0-160000.4.1.x86_64",
"openSUSE Leap 16.0:docker-stable-fish-completion-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-rootless-extras-24.0.9_ce-160000.4.1.noarch",
"openSUSE Leap 16.0:docker-stable-zsh-completion-24.0.9_ce-160000.4.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-16T15:57:03Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
}
]
}
RHSA-2026:15979
Vulnerability from csaf_redhat - Published: 2026-05-11 11:23 - Updated: 2026-07-01 06:04A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker's external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Workaround
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
A prototype pollution flaw has been discovered in the js-yaml npm library. It's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Workaround
|
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Workaround
|
A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 8.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:15979",
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13033",
"url": "https://access.redhat.com/security/cve/CVE-2025-13033"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64718",
"url": "https://access.redhat.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68156",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_15979.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2026-07-01T06:04:03+00:00",
"generator": {
"date": "2026-07-01T06:04:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:15979",
"initial_release_date": "2026-05-11T11:23:46+00:00",
"revision_history": [
{
"date": "2026-05-11T11:23:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-11T11:23:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:04:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8.1",
"product": {
"name": "Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Ae0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Ab2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Ac27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Aaeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3Af76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Af7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Aa6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Afa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3A5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566519"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566772"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Acbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777566201"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256%3Adf6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1778049929"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Abf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1777567370"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64 as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le as a component of Red Hat Ceph Storage 8.1",
"product_id": "Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 8.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-13033",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-07T15:03:14.483722+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2402179"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the email to the attacker\u0027s external address instead of the intended internal recipient. This could lead to a significant data leak of sensitive information and allow an attacker to bypass security filters and access controls.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows an attacker to force nodemailer to send an email to an attacker-owned email address by leveraging the incorrect handling of quoted local-parts containing the \u0027@\u0027 character in the destination email address. When successfully exploited, this vulnerability may allow an attacker to exfiltrate data by misrouting emails to an unintended domain, presenting a high impact on data confidentiality.\n\nThis vulnerability has been assessed as having a Moderate impact on Red Hat Products by the Red Hat Product Security team. This is because for an attacker successfully exploit this vulnerability, the malicious actor needs to have direct control over the destination email input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13033"
},
{
"category": "external",
"summary": "RHBZ#2402179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13033"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13033",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13033"
},
{
"category": "external",
"summary": "https://github.com/nodemailer/nodemailer",
"url": "https://github.com/nodemailer/nodemailer"
},
{
"category": "external",
"summary": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626",
"url": "https://github.com/nodemailer/nodemailer/commit/1150d99fba77280df2cfb1885c43df23109a8626"
},
{
"category": "external",
"summary": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87",
"url": "https://github.com/nodemailer/nodemailer/security/advisories/GHSA-mm7p-fcc7-pg87"
}
],
"release_date": "2025-10-07T13:42:02+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "workaround",
"details": "Currently there\u0027s no available mitigation for this flaw.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodemailer: Nodemailer: Email to an unintended domain can occur due to Interpretation Conflict"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2025-11-13T16:01:24.744054+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414854"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution flaw has been discovered in the js-yaml npm library. It\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml prototype pollution in merge",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "RHBZ#2414854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64718"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879",
"url": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m"
}
],
"release_date": "2025-11-13T15:32:44.634000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "js-yaml: js-yaml prototype pollution in merge"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
},
{
"cve": "CVE-2025-68156",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-16T19:01:42.049157+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2422891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Expr, an expression language and expression evaluation for Go. This vulnerability allows a denial of service (DoS) via recursive traversal over user-provided deeply nested or cyclic data structures without enforcing a maximum recursion depth, leading to a stack overflow panic and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products utilizing the `Expr` Go library because it can lead to a denial-of-service. Exploitation requires an application to evaluate expressions against untrusted or insufficiently validated data structures containing deeply nested or cyclic references, which can cause a stack overflow and application crash. Products that do not process untrusted input with `Expr` are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"known_not_affected": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68156"
},
{
"category": "external",
"summary": "RHBZ#2422891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68156",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68156"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/pull/870",
"url": "https://github.com/expr-lang/expr/pull/870"
},
{
"category": "external",
"summary": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6",
"url": "https://github.com/expr-lang/expr/security/advisories/GHSA-cfpf-hrx2-8rv6"
}
],
"release_date": "2025-12-16T18:24:11.648000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-11T11:23:46+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:15979"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications using the `Expr` library should ensure that evaluation environments do not contain cyclic references. Additionally, externally supplied data structures must be validated or sanitized before being passed to `Expr` for evaluation. As a last-resort defensive measure, expression evaluation can be wrapped with panic recovery to prevent a full process crash.",
"product_ids": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:3d4903b8dbe33464c05ce219ee2e945bf1be169efbed73caee5185883c9df508_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:67d65ecfe844febb7afdfcfbdc0a31f3bd9dfb4c3c81f4734a1b146e34d8d5cb_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:a6a8bbdd49272c632edd96e1598d1e697ba3a1dabb8d36086eced4847de59cbb_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:c27690e36faf7db08a6d398cce7dbedcfe74848224a179c7278b62315516dd4a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:02914a917bbea40c35be2cc7dbaf05c5ac1e1bd30b0e82b4ad9a1c58b99a076b_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:2ce063cc246e7694adf066c17390b4c8d95719b2786267a9db64390407648410_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:aeb508e1309d4a811f881f4028e1c370a5431d290aca2c4af5acdf6a58916a7f_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:fa3c9307038f92e351892be9c73cda40a3bab2038904fabcb97dad5568dcec2d_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:0f37c554cc22c9c89cc4c53739b2ef86e84287486e3f7cdbad10a6e53439d596_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:1a8207fe81e8c5bd63568eddddb41dd0da16d8340c5f5ae3615fe46ae864a163_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:9e15073c7782b0194c06e0b420573e49d5719002417faa567c99ee8409ff590d_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:f76307e201d0b2deaf0aa96bc6b62fc4535c8358b06a8e95ec5a8abf10d2da07_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:5c496cafb1e21883677c6dcb9fd7392383325b8529b98648af757545dfe59488_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:b2875bcf5aee1175faa2ab1ce163642e17c4948ff5aa76967d008f75b470fc74_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:df6bf531755753b224999cb9a5f087c96e8a512666589df4763d4a14941a6f5a_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-8-rhel9@sha256:f7e87de708186099c76426f24b53395340a672e282615164bac73afca3f36454_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:0350448bf1fb15f26c0d092ceb8b0618932f42d30ca4c7c62f2ec1b86c20dd23_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c8c8ef82f2f2685d76a9535523c4c93485329aa23328a68426e93789f363b53_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:7fa04ae06b25476b7b2a3f9e21279202571fd8fc5ff5012c980caf3f33edc0a5_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:8b20b6abf0399bbfc970990bc0c5b6dab46c1043ef761519dbbe8213e6fdd169_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:28aae4d07691c86cdfa9bbfcc7b68e1a3304402ac6c65982bfc0f7945cb9a44e_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3b78f446debe56d01cd96dc3c3ae225a982ee6abdd7d2fabae553cf4c87e471a_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:cbc542505b4784050c96b3fb31a4867b5d94c8a6957b54a8cfad03bc16a19578_ppc64le",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:e0e44241bde7bfbccea69d06e5fd00ad0a0ab569bef6645687bcadcfc00aa5ef_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:5ccb9e878551c910e3a300ab8043fdc4788381c9515dc9dcaa965a738d2de059_s390x",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:7559ec0119f673e243361d4e457a8e9687beb3af60a4fd608fa211539b9034c1_arm64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:808082ac26e53bc7f962428d8e67f721654b732eb1d40fc6e272fcb7f045797c_amd64",
"Red Hat Ceph Storage 8.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:bf282440c8e3ce4d38535bb1efdcbc05f0278647d2fc6e2a13c9c28c0c101f79_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation"
}
]
}
RHSA-2026:26411
Vulnerability from csaf_redhat - Published: 2026-06-16 16:32 - Updated: 2026-07-01 06:06A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects: - In browser and non-secure, the code infinite loops on while (size--) - In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] & 63 -> undefined & 63 -> 0 - If the first call in node is a fractional argument, the initial buffer allocation fails with an error The highest impact of this issue system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x | — |
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x | — |
Workaround
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x | — |
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x | — |
A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x | — |
Workaround
|
A prototype pollution flaw has been discovered in the js-yaml npm library. It's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x | — |
Workaround
|
A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 9.0.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:26411",
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59343",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64718",
"url": "https://access.redhat.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-64756",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26411.json"
}
],
"title": "Red Hat Security Advisory: New container image: rhceph-9.0",
"tracking": {
"current_release_date": "2026-07-01T06:06:08+00:00",
"generator": {
"date": "2026-07-01T06:06:08+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:26411",
"initial_release_date": "2026-06-16T16:32:52+00:00",
"revision_history": [
{
"date": "2026-06-16T16:32:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-16T16:33:01+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:06:08+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 9.0",
"product": {
"name": "Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:9.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"product": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/alloy-rhel10@sha256%3Ab839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/alloy-rhel10\u0026tag=1781021746"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256%3Ab413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel10\u0026tag=1781018768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Af58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=1781021473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel10@sha256%3Aa214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel10\u0026tag=1781018336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=1781018431"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-9-rhel9@sha256%3Afa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-9-rhel9\u0026tag=1781160401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel10@sha256%3Ae40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel10\u0026tag=1781017635"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"product": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/alloy-rhel10@sha256%3A6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/alloy-rhel10\u0026tag=1781021746"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256%3A10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel10\u0026tag=1781018768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=1781021473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel10@sha256%3A5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel10\u0026tag=1781018336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3Abe1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=1781018431"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-9-rhel9@sha256%3A1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-9-rhel9\u0026tag=1781160401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel10@sha256%3A087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel10\u0026tag=1781017635"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/alloy-rhel10@sha256%3A4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/alloy-rhel10\u0026tag=1781021746"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256%3Aed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel10\u0026tag=1781018768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=1781021473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel10@sha256%3A498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel10\u0026tag=1781018336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=1781018431"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-9-rhel9@sha256%3A8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-9-rhel9\u0026tag=1781160401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel10@sha256%3A94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel10\u0026tag=1781017635"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"product": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/alloy-rhel10@sha256%3Ab1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/alloy-rhel10\u0026tag=1781021746"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel10@sha256%3Af73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel10\u0026tag=1781018768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=1781021473"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel10@sha256%3A41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel10\u0026tag=1781018336"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"product": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"product_id": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256%3A5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=1781018431"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-9-rhel9@sha256%3Ab73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-9-rhel9\u0026tag=1781160401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel10@sha256%3Ae5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel10\u0026tag=1781017635"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64"
},
"product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x"
},
"product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64"
},
"product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64"
},
"product_reference": "registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64 as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x as a component of Red Hat Ceph Storage 9.0",
"product_id": "Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 9.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n- In browser and non-secure, the code infinite loops on while (size--)\n- In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] \u0026 63 -\u003e undefined \u0026 63 -\u003e 0\n- If the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nThe highest impact of this issue system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64"
],
"known_not_affected": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T16:32:52+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T16:32:52+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T16:32:52+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T16:32:52+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-59343",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-24T18:01:19.612438+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397901"
}
],
"notes": [
{
"category": "description",
"text": "A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs symlink validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64"
],
"known_not_affected": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "RHBZ#2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
}
],
"release_date": "2025-09-24T17:43:34.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T16:32:52+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs symlink validation bypass"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2025-11-13T16:01:24.744054+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414854"
}
],
"notes": [
{
"category": "description",
"text": "A prototype pollution flaw has been discovered in the js-yaml npm library. It\u0027s possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml prototype pollution in merge",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64718"
},
{
"category": "external",
"summary": "RHBZ#2414854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64718"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879",
"url": "https://github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8m"
}
],
"release_date": "2025-11-13T15:32:44.634000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T16:32:52+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "js-yaml: js-yaml prototype pollution in merge"
},
{
"cve": "CVE-2025-64756",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2025-11-17T18:01:28.077927+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415451"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glob. This vulnerability allows arbitrary command execution via processing files with malicious names when the glob command-line interface (CLI) is used with the -c/--cmd option, enabling shell metacharacters to trigger command injection.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glob: glob: Command Injection Vulnerability via Malicious Filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in glob allows arbitrary command execution when the `glob` command-line interface is used with the `-c/--cmd` option to process files with malicious names. The vulnerability is triggered by shell metacharacters in filenames, leading to command injection. The glob CLI tool utilizes the -c option to execute shell commands over the files which matched the searched pattern by using the shell:true parameter when creating the subprocess which will further execute the command informed via \u0027-c\u0027 option, this parameter allows the shell meta characters to be used and processed when executing the command. Given that information glob misses to sanitize the file name to eliminate such characters and expressions from the filename, leading to code execution as when performing the shell expansion such characters will be interpreted as shell commands.\n\nTo exploit this vulnerability the targeted system should run the glob CLI over a file with a maliciously crafted filename, additionally the attacker needs to have enough permission to create such file or trick the user to download and process the required file with the glob CLI.\n\nThis flaw is present in the command line interface of the nodejs-glob package. When the package is used by npm, the command line interface is not used at all, so it cannot be triggered. However, the command line interface implementation is still present on the system, but not directly exposed to the user\u0027s $PATH. To reflect this condition, nodejs packages have been rated with a low severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-64756"
},
{
"category": "external",
"summary": "RHBZ#2415451",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415451"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64756"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146",
"url": "https://github.com/isaacs/node-glob/commit/47473c046b91c67269df7a66eab782a6c2716146"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2",
"url": "https://github.com/isaacs/node-glob/security/advisories/GHSA-5j98-mcp5-4vw2"
}
],
"release_date": "2025-11-17T17:29:08.029000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-16T16:32:52+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:26411"
},
{
"category": "workaround",
"details": "To mitigate this issue, avoid using the `glob` command-line interface with the `-c` or `--cmd` option when processing filenames from untrusted sources. If programmatic use of `glob` is necessary, ensure that filenames are thoroughly sanitized before being passed to commands executed with shell interpretation enabled.",
"product_ids": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:4275a746d036f4a674f2a41c584d1061160392818c0bf47f1e831034654c3c26_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:6cc5bc1fe92aecfb16bb3b6ccf833d06dc4484f8f7c9ffb7bedc3b3e49ace7b6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b1c91e9df4b0bb9437394b92444480d6417a39bb46c8474d8c8027ab01732ca4_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/alloy-rhel10@sha256:b839e918e2b695ee22e954273f016c6ecdebc1f6048e538560b7162f21f9b83a_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:10d6f4417f63579b5ad0c2642e68049bf4b0cbc07393f05f5ccd6d93ad9b4551_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:b413d37ad30595df599c3aa8c7dbfad08acc6fa9a59e5300d6e66746d0ed7c92_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:ed69dc576cf04d5ed270a4a271aa89a5476b46d58a85c937f1c63d6680b08b73_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/grafana-rhel10@sha256:f73c95e3c84116b5fb7320af22e69d252df69d4559f4ce7bdfd59f42902338c7_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:41e5ab72e781b1baa72b7158b2fb6af247c52042f828b496a15ff78adde413a3_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:498e05a439ac63b3a42882dd908d086078f697ff8c29dc2effedec8b26dd6521_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:5b0ca20174d1c6cdb3229bf625a906acf64509575c3092895e341ec301c5e92e_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/keepalived-rhel10@sha256:a214782e432451ca21a5042abd90bf44c57ed01563dfa4d1b81ef72f38ef2265_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:09758d53ef928e8740a95a31572462681a0f70c1c2a6eaa6a72a45fddf4538b7_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:5f4554659280456cba1fb0078dceb46964a9759f1c5ec0a8fa5d4a6f2bc4889f_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:8afff49beebd4fd88ccf687a421bca80c6d3295a38ef9fcef92ab2049d5f78db_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/oauth2-proxy-rhel9@sha256:be1e659b4f556e0dd65aa36141fa4ab940c5bdee4cf96e1425addb95330c9a09_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:1eb37889b6fd96e9bb95257e30918212f290caf50d9dbe76b6e46af067cdeda6_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8705162c817322ffdabfee74c5fec3ce4f37be667f46634981cb66db0354ef10_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:b73e4453cb4a353d458ce8fe0641dfd1314ba383d836f1631e0cca5d9ffdca4e_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:fa557386c42c9144dcef16957fc0f02b6e631d037cb982c70a043ce11d760556_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:01f59a1b847d03122126fb3db62daa1e924d2bed5da9506061013800085c100b_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:10ed1c8ea558924ddfa1d3ab6a43d34a6edd16e09dac44d593487bc22b2fc7fc_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:94f30db2064d0d62776af04715a67f90d3fb852855c123eff51285122e296328_s390x",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:f58c4b24482819abd2cb67f30d3e1034d61dd85a043f76bc3f487e48941bd201_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:087c99d8838e9c2bd9a298fc320e954ea27203bbceaced070930c87f8a6581a8_arm64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:94a7dea2910f1f440c42c143f930886b529b00a3d6a0eab08d06596f157977a9_ppc64le",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e40d93d9d76fe8aa344905015d75ae13f94622f6e64de432b73af1930136f8de_amd64",
"Red Hat Ceph Storage 9.0:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:e5244c1382ad165701a9e156618d8452d78e70675d33668cbdaf6d93f99a58f1_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "glob: glob: Command Injection Vulnerability via Malicious Filenames"
}
]
}
RHSA-2026:6503
Vulnerability from csaf_redhat - Published: 2026-04-02 16:38 - Updated: 2026-07-01 00:25A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64 | — |
A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64 | — |
Workaround
|
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64 | — |
Workaround
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64 | — |
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64 | — | ||
| Unresolved product id: Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Data Foundation 4.20.9 security, enhancement \u0026 bug fix update",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Data Foundation 4.20.9 security, enhancement \u0026 bug fix update.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6503",
"url": "https://access.redhat.com/errata/RHSA-2026:6503"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-5042",
"url": "https://access.redhat.com/security/cve/CVE-2024-5042"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22870",
"url": "https://access.redhat.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/",
"url": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6503.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.20.9 security, enhancement \u0026 bug fix update",
"tracking": {
"current_release_date": "2026-07-01T00:25:47+00:00",
"generator": {
"date": "2026-07-01T00:25:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:6503",
"initial_release_date": "2026-04-02T16:38:29+00:00",
"revision_history": [
{
"date": "2026-04-02T16:38:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-16T09:34:58+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:25:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Openshift Data Foundation 4.2",
"product": {
"name": "Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_data_foundation:4.20::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Openshift Data Foundation"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774540992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774540668"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"product_id": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-operator-bundle@sha256%3A62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545311"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3Abc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Add381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541345"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"product": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-operator-bundle@sha256%3Ae0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545312"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541880"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-operator-bundle@sha256%3Aa903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545356"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541420"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541448"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"product": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-operator-bundle@sha256%3A8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545356"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541663"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541469"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3Ae4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542075"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3A31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3A243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545300"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541633"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"product_id": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-dependencies-operator-bundle@sha256%3Ab5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545299"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-rhel9-operator@sha256%3A3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-operator-bundle@sha256%3A58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545298"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-sidecar-rhel9@sha256%3A8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542179"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-operator-bundle@sha256%3Ab7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545302"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Ac2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541857"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3Aa625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541919"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"product_id": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-operator-bundle@sha256%3A1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545317"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"product": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"product_id": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odf-prometheus-operator-bundle@sha256%3A308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545325"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"product_id": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-cluster-operator-bundle@sha256%3A05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545330"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"product_id": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-hub-operator-bundle@sha256%3Af953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545326"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Aa866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541919"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"product": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"product_id": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/odr-recipe-operator-bundle@sha256%3A7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545345"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542101"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"product_id": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-operator-bundle@sha256%3A2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774545346"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774540992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3Ae6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774540668"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3Aeea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3Ac46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541345"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541880"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3A86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541420"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541448"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541663"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3Aef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541469"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3Abc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542075"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Ab424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Acd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541633"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-rhel9-operator@sha256%3Aabae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-sidecar-rhel9@sha256%3Ab3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3Ad5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542179"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3Aa484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541857"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541919"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3Ade194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541919"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c?arch=ppc64le\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542101"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774540992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774540668"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3Adf25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541345"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541880"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Acd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541420"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3A73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541448"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541663"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541469"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3Af1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542075"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Adf3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Abe9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541633"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-rhel9-operator@sha256%3A58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-sidecar-rhel9@sha256%3A6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542179"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541857"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541919"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541919"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1?arch=s390x\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542101"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9@sha256%3A6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774540992"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"product": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774540668"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"product_id": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-core-rhel9@sha256%3A0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541259"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"product": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"product_identification_helper": {
"purl": "pkg:oci/mcg-rhel9-operator@sha256%3A6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541345"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-console-rhel9@sha256%3A472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541880"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541518"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Aa3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541420"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"product": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ocs-rhel9-operator@sha256%3Ac8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541448"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cli-rhel9@sha256%3A34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541663"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"product_id": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cloudnative-pg-rhel9-operator@sha256%3A73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541469"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-console-rhel9@sha256%3Aeeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542075"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Ae558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541617"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3A8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541614"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3Add6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541633"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-rhel9-operator@sha256%3A6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"product_id": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-external-snapshotter-sidecar-rhel9@sha256%3A0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-console-rhel9@sha256%3A63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542179"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541779"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-must-gather-rhel9@sha256%3A2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541857"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"product": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odf-rhel9-operator@sha256%3A3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541919"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"product": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"product_identification_helper": {
"purl": "pkg:oci/odr-rhel9-operator@sha256%3A7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774541919"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"product": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"product_id": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rook-ceph-rhel9-operator@sha256%3A253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=1774542101"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x"
},
"product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64"
},
"product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64"
},
"product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64"
},
"product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64 as a component of Red Hat Openshift Data Foundation 4.2",
"product_id": "Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
},
"product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64",
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-5042",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"discovery_date": "2024-05-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280921"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "submariner-operator: RBAC permissions can allow for the spread of node compromises",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "For the submariner operator in Red Hat Advanced Cluster Management for Kubernetes, the submariner-security outlined potential vulnerabilities regarding RBAC permissions being too broad. Those permissions make it possible to create, patch or update statefulsets or replicasets resources. This may allow new privileged containers escaping them and gaining root privileges on any worker nodes where those containers have been deployed within the cluster.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-5042"
},
{
"category": "external",
"summary": "RHBZ#2280921",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280921"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-5042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5042"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5042",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5042"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw",
"url": "https://github.com/advisories/GHSA-2rhx-qhxp-5jpw"
}
],
"release_date": "2024-05-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T16:38:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.20/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6503"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "submariner-operator: RBAC permissions can allow for the spread of node compromises"
},
{
"cve": "CVE-2025-22870",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-03-12T19:00:59.178193+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351766"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in proxy host matching. This vulnerability allows improper bypassing of proxy settings via manipulating an IPv6 zone ID, causing unintended matches against the NO_PROXY environment variable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "RHBZ#2351766",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351766"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22870"
},
{
"category": "external",
"summary": "https://go.dev/cl/654697",
"url": "https://go.dev/cl/654697"
},
{
"category": "external",
"summary": "https://go.dev/issue/71984",
"url": "https://go.dev/issue/71984"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3503",
"url": "https://pkg.go.dev/vuln/GO-2025-3503"
}
],
"release_date": "2025-03-12T18:27:59.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T16:38:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.20/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6503"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T16:38:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.20/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6503"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T16:38:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.20/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6503"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"known_not_affected": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-02T16:38:29+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.20/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf",
"product_ids": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6503"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:62a1e3e3d10ae3cca4f38b7da160757b26a4ada29ccc0b008db80427caf7bd4f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:457e7c141b8e04ebe23f8b89da6d2a1a86ea5be46e9893b9207bd16a1e7e92b2_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:7e90ed2895f2dd84762ca77fb887b529476bdf79bc5133cb3b3c7dabe719336c_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:86e0fb7a61046341cbe8614394f8784436b2a7b801bd5726ebfa41dd8f27f022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:e6f8fbb23fe367d3b12baec5f97d1958e86e97acfc08acdf42ee5abc37f8514b_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:147e1ff243a190e7db6af5a450ab9ee45a6c138beb1428605296c5a39d8c2cd9_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:6e32194b8d6d0a250eddc0c0bdffd8a31440238b192322d71729abe516c88b4d_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:815f42f1839110b1c7cc9a8c4fb0f9b90031943e4a17d4ecbc6b6b119de6b0ad_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/cephcsi-rhel9@sha256:890c1c243a58fe00759ed5c6e17d9f7cf7043d0409d218d3d63cc5daea6daafc_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:0e1a41e4284bb482365de3b2d2e799fe4b53af86743b56ccae50a236eac23897_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:bc906111eeec8e0bb54c34b0cf6e9695dba4f1a308155e08db9393bea97b6cdb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:df25b097a7d1772fdc4ec84533f19f3a916de593029bc38845b9d40b2af5142b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-core-rhel9@sha256:eea2985363d3e9a9f0c2688456a74948ac10aa8b9c7c4d9fb682d0550e4d64e8_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-operator-bundle@sha256:e0d11bc558eebdadcc72e3dcfda3ed7aa0e8e7a6c2a6041076875b71b9593fd5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:23e29e78ab6586896be041a0d759d0a47bf5a3708ba816574bc996baee4af946_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:6503afcba4a7f139e8ba17f59edbe0c109c56ecd62e6e249505f3e0a4020b182_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:c46d5db93877a5ad790ced226a1b2f5682fe51d743938fa6561cb499397eaa84_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:dd381f4da7876e74f697af5f7378e40c427ba77c54c6c5c387bbce366275cd63_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:40b76923ce5df4062bfd3a6c617874e230b4b47cf998081b0c552141d93a81b0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:472c9719f8368e1e585f8c43890d94ef6581bc5e42ff3bfaea036c6a6f832727_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:4ea89d1bed3fff6035b1aa3bfad77ddbbb2fb42e15aa34011268993c73881e5e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:96ca51be0713a54f548d57e4ed0681e830e2760cfa5e16d66726e57b5b026aa8_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:a903caeaf7a08ea42f381efc904f7c41e6ed9f539983c8186c9d604677c0e4c4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:0ea607acea5d6ad4aa853cb564e7c5e462c3d5f38814e2097142d44231437bd8_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:18f50116a80c6c3dd2d245733815bdfea65a3f152f7a79484b4ba00f4f4e0022_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:34ca4dda713a8b4adfdd274eaa1d6c8a945ea6f3ca33c3c86e5f5c98a2b05659_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:79804ddcade086223a9491e322ad2212782307afee56e0ed75742e234d595cc1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:74efeee9bddf97c549de6a6fa454d86f96d3afef8aaf2438b740403181579fcd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:86470b7d7abb6942782205c9f8097ab9ef1c0841f9e7042faacec0d52560d70a_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:a3ed5f96f3201ae55bb3f4dea6c116c0788d8c1ca49d4d24aa171ad32a07b188_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:cd9eb368817a83901a57dd2dee50bb58ce352e192f40b530e3808879a9ca7c7c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-operator-bundle@sha256:8855408bc49030268b769a09acfdf8b797a0188d6b167ffe07d18c56703decde_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:2f22bca94e282ce150235d74070465525b5fbd29070f1caec323f5f8d7be0db5_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:5dd091a4999c42a4ff9cd13accdc1851518cea185657e295ac8b1900d558a29f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:73d3eb352ccd0ab4dbfb85502031b036f156105eebc8f92296e8e256b89b8529_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:c8f9ed1d92ea49c1db5a6b78f633dfb4c8c2ad12aa574162139b6686160ad46e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:1f58e36602f8e8704179762e4b94898ded50bb9d4643b829ac516165d5a66fe1_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:270bb4340478e95b64aeecf73b6da1dfc1b14547a2a517977522cae334942ebe_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:34b735cdc43fb3bc6db3d0ed7f69aaac6a5c2e4b83a04fc91f58645b8eecb710_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cli-rhel9@sha256:63988d58757ae2b9e42ad895bc03d0ffcc96e8f722b3116fea12e4efb48342a8_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:180f30e2f7ae5a1604c9ef3e8fdcdb2af37c53019280777c61375aef9cc6dee3_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:5b5e33cc511fbbf9fb9d6ec1309472218c98c553429af9f9bc30c1fd69e9121c_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:73e5d007d3e0c57d96d3c11027a36d57eafab5b71877f0f09615934dbaf81445_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cloudnative-pg-rhel9-operator@sha256:ef6590d2d8591a53f6784f2526d9a6e3771a8a2b77dc12fc46af2cdb8aa2ff3e_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:bc06753f9f013d4eed2705d5fbd727f916eab9f72c0c4d2cc33f6f064c58ecb1_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:e4b9477b833041cf4e2e2236ba27d81dbc841700fe33de831bced7594d144aca_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:eeb4f42e3ef4fc1105a829e8f68f8efe5a364a5f74fbde826f0c1906babb1e0e_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-console-rhel9@sha256:f1ed595f2371ff555a617495be83968cf1de0d405b90e83f13f65816b6d1fcaa_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:31bd7bff52021201beffb8f94e25635443390ed7c373fef546dd799c29a540dd_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:b424d0d2dcd4653a4e85c3f947b8213a2ddb306c65eb0f8042f9fbcdf9df5a77_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:df3abf53e0e539d5f9e82bfb607f0572222c41dfc1bd6bc3719cdec29c377c7a_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e558b8f83258ec1837818de5dd165ee43e8426cbc19573d715f824931383da58_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:243304d18c54cfde83103d89b03c2e75310b89b5a7ab24d0c6816b4acb1b1b83_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0cb993a3f939cd30689f10f03110a6dec8317c9c5c69ed726e78bb9c70b7f3ee_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:7424514ba1a7a001d0fc1214f15d5d73e0379f0293829d736849551f6727539d_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:8faacd8d8616acc68f9a68dcf00263df8ab9eb3f93e68e104c7d99fa1556c787_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:be9b93fc778edec0a514e9acf2abcfb4fc78c3a241676acdebcf513db7a416c0_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:55351821e9c296bf419a0b6b4f8a08942303bde1f6b8c1c8d3e81d719bafd0d4_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:5f08b4c7869c60f005692c5e74e1ca6d55bdebf90c0b28ab25f31fd9422a139f_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:cd59f499b6042b3b913e825427f474267096d3289510b3ec329a5adc774603e0_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:dd6be1ff9b19270a9696e8843d2913dd60da9e085eabb859b55049129f1c1b65_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-dependencies-operator-bundle@sha256:b5b97ac0c9b3db213b79c4d4dd8876c18c2b0656f6a838933cc5afb9ea0633e0_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-operator-bundle@sha256:58cdf902630b571c30e2bc30e2f758301dc35bd2bdcd0c9205ecb40cde84202f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:3d8d9e2964d1c472f29ff5a67ff2b23188dbb9add8ccaa1cfa37ad1742825bf9_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:58571551a41e712fc65bc57193191953e30b7074ac5a4a6b7a2c7cfec40b0bcf_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:6e1c0f005b4f5109914c7c5ea9a6ff466b164536d2eff6b040c2c3288cab5e39_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-rhel9-operator@sha256:abae5c78b8e562e8d23d49df7361c0870f636a65836512c2d561407e652b55fd_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:0b5f12a165ad061ec151f9310fa5803717cb41f719802503125d982f5420edd0_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:6ae1eb0c3fbc067ae11d1d93e512111ed0866d580fa3f461706a5eee4c8bfc56_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:8049debdc3cb5f99676eb981757b151564bac5e2fdc90a9f0592393a8868d1d5_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-external-snapshotter-sidecar-rhel9@sha256:b3be63a0c29e551ed8b3648db1ba0fdb90dbcba4189074329da80f75b8a91657_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:08cd8df1f99ca92bd8c82a3ce345352f8a5223feac9f475293987dc6088bd607_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:1a1116906aa52425715588efe171bf08219c866adda96090d38d5264ca62455c_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:63f0abc01654c2a2efdbbae9e1344d35e68c4cc74dd7fea2f6e95b4a795ca4f7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:d5bbde498ae0bbc6076f2b5ad4d45b31c3aec2b0e153339bf0e21db711a02822_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:b7bc65336fd8f0e66803146fb05273f3c9ba651fa6b1df8bea9afde2201cd8a2_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:13594f6f57bdd87477505288fee4a62c504daacdb6fc930e0c64c582edab4dbb_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:33b7e2cda8655abe7a6728fb80c76537b252a4b9df935e7ef6a1a38ac8917dd7_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:5596f3a33361fa885bc5d7461da8caefb419df3c99cb1b0f7d10f4fd72a6b883_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:9ddf1ba86ddb5b3aa16ad468969ff18e556abbceb5153001340322b84dad58a7_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:2541e3c82807ec72336aa0151f05e8576eabe710eaa660efe6fe2a98ab0eff61_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:30ccb913d0e77ec6d65bcdd9ec84bf46745cb0eb45730ee1cf29ddb523ee327b_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:a484a562b8693a76fec6612e360a077863c9d6c95c16816f18c0d3529fda4f65_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:c2d95153165971ef4faccbffb471dd76b292bfb3d9afeb17abdf5ae849979b09_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-operator-bundle@sha256:1694c2baed4b1fcb14d096a9de4e1d986d11e6246defef85a16cba9c859d9044_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:308ddae6eb56353cd515db33e8772fc0060e8449eae681c6e35aa4ed7f91bbdc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:1872fce9d3599368600ce07f81c6a2105bfdf10cb770fdeea57dd1e16f662789_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:3588fbc952ccdfa81b2e81ce55294f651d40ef331037fa7194350f533e502827_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:4d78b0a70e002c0319b54ec53bf7bf7dc6ff21d8e358a12ef1aaf209b9bdaaca_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odf-rhel9-operator@sha256:a625fa2ca62c1d763906995ec3be45366ade2ad467df32f5e0caac47b218d085_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:05d229587822eb2fcf26712251afd5cc200f24d2d4dfcb03652777aea36283ef_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:f953bc73c77fffa1c5aac0d8a899eb2a1d1d30dfc6f192b4ad0def41bf06c97f_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:7cd81cc6fd3131a30749efc4d56238fe4801c18d7b8125859f8e17ee48b132fb_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:33e368d66244b241e6eb7e39eb886fa92bf358ddb5a3f231ef3585a7e91d3726_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:7b942cea5dbcd0e3835ca5a28a2c71aeb0cae9895280b70104526ba05fc55354_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:a866d81ff9a81ef61cff50852fa584f786d789531b8cf59ba3ae0a6e41a597be_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/odr-rhel9-operator@sha256:de194d2dcd495f26094ddfe3683c1af12f831abc7867fe05c134363093a6fffc_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:2aa9161a19f70a119b7096f8ddf12c09dbd941a087481059d1cae021faba70cc_amd64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:253711dee2d7fdbf65756583ba63a73ed796b1205369e5ed9f48c253a67f4c0a_arm64",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2811668760323ad7853613f7e407beac05095494d2befb0a96b87b2bb0fab67c_ppc64le",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:7be758d1465b16f5bb5a2ddbbd6811129113d36108b9c3b3dc203220076987e1_s390x",
"Red Hat Openshift Data Foundation 4.2:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:889cb0027b1f5a60058304a093e6ff0862b160c0a1167eef3bf0937e93e8ff41_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
}
]
}
RHSA-2026:7291
Vulnerability from csaf_redhat - Published: 2026-04-09 11:00 - Updated: 2026-07-01 06:14A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A potential denial of service flaw has been discovered in golang's crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.
CWE-295 - Improper Certificate Validation| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow "url=" by setting htmlmetacontenturlescape=0.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-26-main@x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7291",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27141",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58190",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47911",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22873",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68119",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61725",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61724",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61723",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58186",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58185",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47912",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47910",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61730",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58189",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58187",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58188",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33809",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32289",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32288",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33810",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61727",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27139",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27138",
"url": "https://access.redhat.com/security/cve/CVE-2026-27138"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27137",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27142",
"url": "https://access.redhat.com/security/cve/CVE-2026-27142"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7291.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-01T06:14:19+00:00",
"generator": {
"date": "2026-07-01T06:14:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7291",
"initial_release_date": "2026-04-09T11:00:43+00:00",
"revision_history": [
{
"date": "2026-04-09T11:00:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-18T20:02:12+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:14:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@aarch64",
"product": {
"name": "golang1-26-main@aarch64",
"product_id": "golang1-26-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@src",
"product": {
"name": "golang1-26-main@src",
"product_id": "golang1-26-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@x86_64",
"product": {
"name": "golang1-26-main@x86_64",
"product_id": "golang1-26-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26@1.26.2-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-26-main@noarch",
"product": {
"name": "golang1-26-main@noarch",
"product_id": "golang1-26-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.26-docs@1.26.2-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@aarch64"
},
"product_reference": "golang1-26-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@noarch"
},
"product_reference": "golang1-26-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@src"
},
"product_reference": "golang1-26-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-26-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-26-main@x86_64"
},
"product_reference": "golang1-26-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22873",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-05T00:01:17.475869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436992"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: os: Information disclosure via path traversal using specially crafted filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security classified this issue as Moderate.\n\nThe flaw exists in a local filesystem abstraction within the Go standard library, it can also be exploited remotely in applications that accept attacker-controlled path input over a network and pass it to Root.Open without proper validation. The attack complexity is low, as exploitation requires only appending \"../\" to the supplied path. However, the impact is limited: the flaw permits opening only the immediate parent directory, not arbitrary filesystem locations or files contained within that directory. There is no direct impact on file integrity or application availability. These constraints limit the practical exposure of the issue while still represents a boundary bypass and may expose unintended filesystem metadata. The issue does not permit traversal beyond the parent directory, modification of files, or broader system compromise, thereby constraining its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "RHBZ#2436992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/2",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/2"
},
{
"category": "external",
"summary": "https://go.dev/cl/670036",
"url": "https://go.dev/cl/670036"
},
{
"category": "external",
"summary": "https://go.dev/issue/73555",
"url": "https://go.dev/issue/73555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4403",
"url": "https://pkg.go.dev/vuln/GO-2026-4403"
}
],
"release_date": "2026-02-04T23:05:24.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os: os: Information disclosure via path traversal using specially crafted filenames"
},
{
"cve": "CVE-2025-47910",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T22:00:44.572202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397528"
}
],
"notes": [
{
"category": "description",
"text": "A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: CrossOriginProtection bypass in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "RHBZ#2397528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://go.dev/cl/699275",
"url": "https://go.dev/cl/699275"
},
{
"category": "external",
"summary": "https://go.dev/issue/75054",
"url": "https://go.dev/issue/75054"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3955",
"url": "https://pkg.go.dev/vuln/GO-2025-3955"
}
],
"release_date": "2025-09-22T21:01:55.440000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: CrossOriginProtection bypass in net/http"
},
{
"cve": "CVE-2025-47911",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-02-05T18:01:23.423406+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437109"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "RHBZ#2437109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4440",
"url": "https://github.com/golang/vulndb/issues/4440"
},
{
"category": "external",
"summary": "https://go.dev/cl/709876",
"url": "https://go.dev/cl/709876"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4440",
"url": "https://pkg.go.dev/vuln/GO-2026-4440"
}
],
"release_date": "2026-02-05T17:48:44.562000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html"
},
{
"cve": "CVE-2025-47912",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-29T23:01:06.642219+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407247"
}
],
"notes": [
{
"category": "description",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "RHBZ#2407247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://go.dev/cl/709857",
"url": "https://go.dev/cl/709857"
},
{
"category": "external",
"summary": "https://go.dev/issue/75678",
"url": "https://go.dev/issue/75678"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4010",
"url": "https://pkg.go.dev/vuln/GO-2025-4010"
}
],
"release_date": "2025-10-29T22:10:13.435000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58185",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:25.877898+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407251"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "RHBZ#2407251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd",
"url": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd"
},
{
"category": "external",
"summary": "https://go.dev/cl/709856",
"url": "https://go.dev/cl/709856"
},
{
"category": "external",
"summary": "https://go.dev/issue/75671",
"url": "https://go.dev/issue/75671"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4011",
"url": "https://pkg.go.dev/vuln/GO-2025-4011"
}
],
"release_date": "2025-10-29T22:10:13.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1"
},
{
"cve": "CVE-2025-58186",
"discovery_date": "2025-10-29T23:01:22.260983+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407250"
}
],
"notes": [
{
"category": "description",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "RHBZ#2407250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://go.dev/cl/709855",
"url": "https://go.dev/cl/709855"
},
{
"category": "external",
"summary": "https://go.dev/issue/75672",
"url": "https://go.dev/issue/75672"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4012",
"url": "https://pkg.go.dev/vuln/GO-2025-4012"
}
],
"release_date": "2025-10-29T22:10:13.912000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http"
},
{
"cve": "CVE-2025-58187",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:54.130980+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407259"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in golang\u0027s crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "RHBZ#2407259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4",
"url": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4"
},
{
"category": "external",
"summary": "https://go.dev/cl/709854",
"url": "https://go.dev/cl/709854"
},
{
"category": "external",
"summary": "https://go.dev/issue/75681",
"url": "https://go.dev/issue/75681"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4007",
"url": "https://pkg.go.dev/vuln/GO-2025-4007"
}
],
"release_date": "2025-10-29T22:10:12.624000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509"
},
{
"cve": "CVE-2025-58188",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-29T23:01:39.787633+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407255"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impacts are limited on Red Hat products as they do not affect the host systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "RHBZ#2407255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407255"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9",
"url": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9"
},
{
"category": "external",
"summary": "https://go.dev/cl/709853",
"url": "https://go.dev/cl/709853"
},
{
"category": "external",
"summary": "https://go.dev/issue/75675",
"url": "https://go.dev/issue/75675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4013",
"url": "https://pkg.go.dev/vuln/GO-2025-4013"
}
],
"release_date": "2025-10-29T22:10:14.143000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509"
},
{
"cve": "CVE-2025-58189",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-10-29T23:01:57.740310+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407260"
}
],
"notes": [
{
"category": "description",
"text": "The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "RHBZ#2407260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://go.dev/cl/707776",
"url": "https://go.dev/cl/707776"
},
{
"category": "external",
"summary": "https://go.dev/issue/75652",
"url": "https://go.dev/issue/75652"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4008",
"url": "https://pkg.go.dev/vuln/GO-2025-4008"
}
],
"release_date": "2025-10-29T22:10:12.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information"
},
{
"cve": "CVE-2025-58190",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-05T18:01:26.511908+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437110"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "RHBZ#2437110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4441",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"category": "external",
"summary": "https://go.dev/cl/709875",
"url": "https://go.dev/cl/709875"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4441",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"release_date": "2026-02-05T17:48:44.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net"
},
{
"cve": "CVE-2025-61723",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:29.304260+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407252"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some\ninputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "RHBZ#2407252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b",
"url": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b"
},
{
"category": "external",
"summary": "https://go.dev/cl/709858",
"url": "https://go.dev/cl/709858"
},
{
"category": "external",
"summary": "https://go.dev/issue/75676",
"url": "https://go.dev/issue/75676"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4009",
"url": "https://pkg.go.dev/vuln/GO-2025-4009"
}
],
"release_date": "2025-10-29T22:10:13.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem"
},
{
"cve": "CVE-2025-61724",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2025-10-29T23:01:47.202663+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407257"
}
],
"notes": [
{
"category": "description",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "RHBZ#2407257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://go.dev/cl/709859",
"url": "https://go.dev/cl/709859"
},
{
"category": "external",
"summary": "https://go.dev/issue/75716",
"url": "https://go.dev/issue/75716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4015",
"url": "https://pkg.go.dev/vuln/GO-2025-4015"
}
],
"release_date": "2025-10-29T22:10:14.609000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto"
},
{
"cve": "CVE-2025-61725",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:18.805163+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407249"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: Excessive CPU consumption in ParseAddress in net/mail",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "RHBZ#2407249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://go.dev/cl/709860",
"url": "https://go.dev/cl/709860"
},
{
"category": "external",
"summary": "https://go.dev/issue/75680",
"url": "https://go.dev/issue/75680"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4006",
"url": "https://pkg.go.dev/vuln/GO-2025-4006"
}
],
"release_date": "2025-10-29T22:10:12.255000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61727",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-12-03T20:01:21.730501+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418677"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to obtain a leaf certificate with a wildcard SAN (e.g., *.example.com) and the legitimate certificate policy must contain an excluded DNS name constraint (e.g., to prevent issuance for test.example.com), allowing an application using the crypto/x509 package to validate the certificate when it should have been rejected and to be vulnerable to MITM (man-in-the-middle) attacks. Additionally, the attacker does not have full control of what data can be read of modified during the attack. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "RHBZ#2418677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://go.dev/cl/723900",
"url": "https://go.dev/cl/723900"
},
{
"category": "external",
"summary": "https://go.dev/issue/76442",
"url": "https://go.dev/issue/76442"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4175",
"url": "https://pkg.go.dev/vuln/GO-2025-4175"
}
],
"release_date": "2025-12-03T19:37:15.054000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-61730",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-28T20:01:36.508659+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434430"
}
],
"notes": [
{
"category": "description",
"text": "A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The data leak after exploitation of this vulnerability is minor, data such as Handshake message contents that should have been processed only after switching to a stronger TLS 1.3 encryption level, Protocol state details such as which handshake message was processed when, Timing and ordering information about the TLS 1.3 state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "RHBZ#2434430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://go.dev/cl/724120",
"url": "https://go.dev/cl/724120"
},
{
"category": "external",
"summary": "https://go.dev/issue/76443",
"url": "https://go.dev/issue/76443"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4340",
"url": "https://pkg.go.dev/vuln/GO-2026-4340"
}
],
"release_date": "2026-01-28T19:30:30.986000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68119",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:57.098669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434438"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires non-standard and intentional user behavior. \n\nThe attacker must explicitly supply a specially crafted module version string, which does not occur during normal Go module usage such as @latest or standard module paths, making the attack complexity high. \n\nAdditionally, user interaction is required, as the vulnerable behavior is only triggered when a user manually invokes the Go toolchain to download or build the malicious module.\n \nWhile successful exploitation can result in local code execution or arbitrary file modification, the combination of local access, manual input, and uncommon usage patterns significantly limits the likelihood of exploitation in typical environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "RHBZ#2434438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434438"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://go.dev/cl/736710",
"url": "https://go.dev/cl/736710"
},
{
"category": "external",
"summary": "https://go.dev/issue/77099",
"url": "https://go.dev/issue/77099"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4338",
"url": "https://pkg.go.dev/vuln/GO-2026-4338"
}
],
"release_date": "2026-01-28T19:30:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27137",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:38.859733+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445345"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27137"
},
{
"category": "external",
"summary": "RHBZ#2445345",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445345"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27137",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27137"
},
{
"category": "external",
"summary": "https://go.dev/cl/752182",
"url": "https://go.dev/cl/752182"
},
{
"category": "external",
"summary": "https://go.dev/issue/77952",
"url": "https://go.dev/issue/77952"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4599",
"url": "https://pkg.go.dev/vuln/GO-2026-4599"
}
],
"release_date": "2026-03-06T21:28:13.748000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: Incorrect enforcement of email constraints in crypto/x509"
},
{
"cve": "CVE-2026-27138",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-03-06T22:01:35.939008+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445344"
}
],
"notes": [
{
"category": "description",
"text": "A certificate validation flaw has been discovered in the golang crypto/x509 module. Certificate verification can panic when a certificate in the chain has an empty DNS name and another certificate in the chain has excluded name constraints. This can crash programs that are either directly verifying X.509 certificate chains, or those that use TLS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27138"
},
{
"category": "external",
"summary": "RHBZ#2445344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27138"
},
{
"category": "external",
"summary": "https://go.dev/cl/752183",
"url": "https://go.dev/cl/752183"
},
{
"category": "external",
"summary": "https://go.dev/issue/77953",
"url": "https://go.dev/issue/77953"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4600",
"url": "https://pkg.go.dev/vuln/GO-2026-4600"
}
],
"release_date": "2026-03-06T21:28:14+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "crypto/x509: Panic in name constraint checking for malformed certificates in crypto/x509"
},
{
"cve": "CVE-2026-27139",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-06T22:01:08.670782+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445335"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: FileInfo can escape from a Root in golang os module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "RHBZ#2445335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://go.dev/cl/749480",
"url": "https://go.dev/cl/749480"
},
{
"category": "external",
"summary": "https://go.dev/issue/77827",
"url": "https://go.dev/issue/77827"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4602",
"url": "https://pkg.go.dev/vuln/GO-2026-4602"
}
],
"release_date": "2026-03-06T21:28:14.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "os: FileInfo can escape from a Root in golang os module"
},
{
"cve": "CVE-2026-27141",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-02-26T20:09:11.626155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "RHBZ#2443104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://go.dev/cl/746180",
"url": "https://go.dev/cl/746180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77652",
"url": "https://go.dev/issue/77652"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4559",
"url": "https://pkg.go.dev/vuln/GO-2026-4559"
}
],
"release_date": "2026-02-26T18:50:31.830000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames"
},
{
"cve": "CVE-2026-27142",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-03-06T22:01:56.662646+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445351"
}
],
"notes": [
{
"category": "description",
"text": "An input escaping flaw has been discovered in the golang html/template module. Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: URLs in meta content attribute actions are not escaped in html/template",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27142"
},
{
"category": "external",
"summary": "RHBZ#2445351",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445351"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27142",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27142"
},
{
"category": "external",
"summary": "https://go.dev/cl/752081",
"url": "https://go.dev/cl/752081"
},
{
"category": "external",
"summary": "https://go.dev/issue/77954",
"url": "https://go.dev/issue/77954"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4603",
"url": "https://pkg.go.dev/vuln/GO-2026-4603"
}
],
"release_date": "2026-03-06T21:28:14.674000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: URLs in meta content attribute actions are not escaped in html/template"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32288",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:00:57.624222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "RHBZ#2456332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://go.dev/cl/763766",
"url": "https://go.dev/cl/763766"
},
{
"category": "external",
"summary": "https://go.dev/issue/78301",
"url": "https://go.dev/issue/78301"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4869",
"url": "https://pkg.go.dev/vuln/GO-2026-4869"
}
],
"release_date": "2026-04-08T01:06:57.416000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive"
},
{
"cve": "CVE-2026-32289",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-08T02:01:05.911683+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456334"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "RHBZ#2456334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://go.dev/cl/763762",
"url": "https://go.dev/cl/763762"
},
{
"category": "external",
"summary": "https://go.dev/issue/78331",
"url": "https://go.dev/issue/78331"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4865",
"url": "https://pkg.go.dev/vuln/GO-2026-4865"
}
],
"release_date": "2026-04-08T01:06:56.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals"
},
{
"cve": "CVE-2026-33809",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-25T19:01:55.384019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "RHBZ#2451437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33809",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://go.dev/cl/757660",
"url": "https://go.dev/cl/757660"
},
{
"category": "external",
"summary": "https://go.dev/issue/78267",
"url": "https://go.dev/issue/78267"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4815",
"url": "https://pkg.go.dev/vuln/GO-2026-4815"
}
],
"release_date": "2026-03-25T18:24:04.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file"
},
{
"cve": "CVE-2026-33810",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-08T02:01:09.100830+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/x509` package within Go (golang). When verifying a certificate chain, excluded DNS (Domain Name System) constraints are not correctly applied to wildcard DNS Subject Alternative Names (SANs) if the case of the SAN differs from the constraint. This oversight could allow an attacker to bypass certificate validation, potentially leading to the acceptance of a malicious certificate that should have been rejected. This issue specifically impacts the validation of trusted certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33810"
},
{
"category": "external",
"summary": "RHBZ#2456335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33810",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33810"
},
{
"category": "external",
"summary": "https://go.dev/cl/763763",
"url": "https://go.dev/cl/763763"
},
{
"category": "external",
"summary": "https://go.dev/issue/78332",
"url": "https://go.dev/issue/78332"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4866",
"url": "https://pkg.go.dev/vuln/GO-2026-4866"
}
],
"release_date": "2026-04-08T01:06:56.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T11:00:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-26-main@aarch64",
"Red Hat Hardened Images:golang1-26-main@noarch",
"Red Hat Hardened Images:golang1-26-main@src",
"Red Hat Hardened Images:golang1-26-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application"
}
]
}
RHSA-2026:7385
Vulnerability from csaf_redhat - Published: 2026-04-10 14:24 - Updated: 2026-07-01 06:14A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in "../", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A potential denial of service flaw has been discovered in golang's crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the '#cgo pkg-config:' directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a '--log-file' argument to the pkg-config command. This vulnerability can lead to arbitrary file write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's 'cgo tool'. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then "smuggled" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Golang's cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Go's `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in Go's `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the "old GNU sparse map" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:golang1-25-main@x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7385",
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27141",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58190",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47911",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22873",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68119",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61732",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61731",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61725",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61724",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61723",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58186",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58185",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58181",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47914",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47912",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47910",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61730",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58189",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58187",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58188",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33809",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32289",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32288",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32283",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32282",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32281",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27144",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27143",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61727",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25679",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27139",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33813",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42503",
"url": "https://access.redhat.com/security/cve/CVE-2026-42503"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7385.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-01T06:14:20+00:00",
"generator": {
"date": "2026-07-01T06:14:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:7385",
"initial_release_date": "2026-04-10T14:24:10+00:00",
"revision_history": [
{
"date": "2026-04-10T14:24:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-07T03:11:40+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:14:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@aarch64",
"product": {
"name": "golang1-25-main@aarch64",
"product_id": "golang1-25-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@src",
"product": {
"name": "golang1-25-main@src",
"product_id": "golang1-25-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@x86_64",
"product": {
"name": "golang1-25-main@x86_64",
"product_id": "golang1-25-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25@1.25.9-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "golang1-25-main@noarch",
"product": {
"name": "golang1-25-main@noarch",
"product_id": "golang1-25-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang1.25-docs@1.25.9-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@aarch64"
},
"product_reference": "golang1-25-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@noarch"
},
"product_reference": "golang1-25-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@src"
},
"product_reference": "golang1-25-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang1-25-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:golang1-25-main@x86_64"
},
"product_reference": "golang1-25-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-22873",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-05T00:01:17.475869+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436992"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal vulnerability has been identified in the Go os package affecting the Root abstraction, where improper handling of trailing path separators could allow access to the parent directory of a configured root directory. By supplying a filename ending in \"../\", an attacker may be able to open the immediate parent directory of the intended Root. Although this escape does not allow traversal to higher-level ancestors or direct access to files within the parent directory, it may expose directory metadata or unintended filesystem structure if the application passes untrusted path input to Root.Open.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: os: Information disclosure via path traversal using specially crafted filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security classified this issue as Moderate.\n\nThe flaw exists in a local filesystem abstraction within the Go standard library, it can also be exploited remotely in applications that accept attacker-controlled path input over a network and pass it to Root.Open without proper validation. The attack complexity is low, as exploitation requires only appending \"../\" to the supplied path. However, the impact is limited: the flaw permits opening only the immediate parent directory, not arbitrary filesystem locations or files contained within that directory. There is no direct impact on file integrity or application availability. These constraints limit the practical exposure of the issue while still represents a boundary bypass and may expose unintended filesystem metadata. The issue does not permit traversal beyond the parent directory, modification of files, or broader system compromise, thereby constraining its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22873"
},
{
"category": "external",
"summary": "RHBZ#2436992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436992"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22873"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2025/05/06/2",
"url": "http://www.openwall.com/lists/oss-security/2025/05/06/2"
},
{
"category": "external",
"summary": "https://go.dev/cl/670036",
"url": "https://go.dev/cl/670036"
},
{
"category": "external",
"summary": "https://go.dev/issue/73555",
"url": "https://go.dev/issue/73555"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4403",
"url": "https://pkg.go.dev/vuln/GO-2026-4403"
}
],
"release_date": "2026-02-04T23:05:24.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os: os: Information disclosure via path traversal using specially crafted filenames"
},
{
"cve": "CVE-2025-47910",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-22T22:00:44.572202+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397528"
}
],
"notes": [
{
"category": "description",
"text": "A CrossOriginProtection bypass has been discovered in the golang net/http package. When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: CrossOriginProtection bypass in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47910"
},
{
"category": "external",
"summary": "RHBZ#2397528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47910",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47910"
},
{
"category": "external",
"summary": "https://go.dev/cl/699275",
"url": "https://go.dev/cl/699275"
},
{
"category": "external",
"summary": "https://go.dev/issue/75054",
"url": "https://go.dev/issue/75054"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ",
"url": "https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3955",
"url": "https://pkg.go.dev/vuln/GO-2025-3955"
}
],
"release_date": "2025-09-22T21:01:55.440000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: CrossOriginProtection bypass in net/http"
},
{
"cve": "CVE-2025-47911",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2026-02-05T18:01:23.423406+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437109"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47911"
},
{
"category": "external",
"summary": "RHBZ#2437109",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437109"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47911"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4440",
"url": "https://github.com/golang/vulndb/issues/4440"
},
{
"category": "external",
"summary": "https://go.dev/cl/709876",
"url": "https://go.dev/cl/709876"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4440",
"url": "https://pkg.go.dev/vuln/GO-2026-4440"
}
],
"release_date": "2026-02-05T17:48:44.562000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Quadratic parsing complexity in golang.org/x/net/html"
},
{
"cve": "CVE-2025-47912",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-10-29T23:01:06.642219+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407247"
}
],
"notes": [
{
"category": "description",
"text": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47912"
},
{
"category": "external",
"summary": "RHBZ#2407247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47912"
},
{
"category": "external",
"summary": "https://go.dev/cl/709857",
"url": "https://go.dev/cl/709857"
},
{
"category": "external",
"summary": "https://go.dev/issue/75678",
"url": "https://go.dev/issue/75678"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4010",
"url": "https://pkg.go.dev/vuln/GO-2025-4010"
}
],
"release_date": "2025-10-29T22:10:13.435000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url"
},
{
"cve": "CVE-2025-47914",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-11-19T21:01:06.202641+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416000"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the SSH Agent servers component (golang.org/x/crypto/ssh/agent). This vulnerability allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted, malformed message during new identity requests. The server fails to validate the size of these messages, leading to an out-of-bounds read that can cause the program to panic and terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. The golang.org/x/crypto/ssh/agent library, when used in SSH Agent servers, does not properly validate the size of messages during new identity requests. A specially crafted malformed message can lead to an out-of-bounds read, causing the program to panic and resulting in a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "RHBZ#2416000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"category": "external",
"summary": "https://go.dev/cl/721960",
"url": "https://go.dev/cl/721960"
},
{
"category": "external",
"summary": "https://go.dev/issue/76364",
"url": "https://go.dev/issue/76364"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4135",
"url": "https://pkg.go.dev/vuln/GO-2025-4135"
}
],
"release_date": "2025-11-19T20:33:43.126000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages"
},
{
"cve": "CVE-2025-58181",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-19T21:00:50.197590+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2415997"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. An attacker can exploit this vulnerability by sending specially crafted GSSAPI (Generic Security Service Application Program Interface) authentication requests to an SSH (Secure Shell) server. The server fails to validate the number of mechanisms specified in these requests, leading to unbounded memory consumption. This can result in a Denial of Service (DoS), making the SSH server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat. SSH servers utilizing `golang.org/x/crypto/ssh` and configured to process GSSAPI authentication requests are susceptible to unbounded memory consumption. An attacker can exploit this by sending specially crafted GSSAPI authentication requests, potentially leading to a denial of service.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "RHBZ#2415997",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415997"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"category": "external",
"summary": "https://go.dev/cl/721961",
"url": "https://go.dev/cl/721961"
},
{
"category": "external",
"summary": "https://go.dev/issue/76363",
"url": "https://go.dev/issue/76363"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA",
"url": "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4134",
"url": "https://pkg.go.dev/vuln/GO-2025-4134"
}
],
"release_date": "2025-11-19T20:33:42.795000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication"
},
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
},
{
"cve": "CVE-2025-58185",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:25.877898+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407251"
}
],
"notes": [
{
"category": "description",
"text": "A memory exhaustion flaw has been discovered in the golang encoding/asn1 module. Within parseSequenceOf, reflect.MakeSlice is being used to pre-allocate a slice that is needed in order to fully validate the given DER payload. The size of the slice allocated are also multiple times larger than the input DER. As a result, a malicious actor can craft a big empty DER payload, resulting in an unnecessary large allocation of memories. This can be a way to cause memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58185"
},
{
"category": "external",
"summary": "RHBZ#2407251",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407251"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58185"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd",
"url": "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd"
},
{
"category": "external",
"summary": "https://go.dev/cl/709856",
"url": "https://go.dev/cl/709856"
},
{
"category": "external",
"summary": "https://go.dev/issue/75671",
"url": "https://go.dev/issue/75671"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4011",
"url": "https://pkg.go.dev/vuln/GO-2025-4011"
}
],
"release_date": "2025-10-29T22:10:13.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1"
},
{
"cve": "CVE-2025-58186",
"discovery_date": "2025-10-29T23:01:22.260983+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407250"
}
],
"notes": [
{
"category": "description",
"text": "Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as \"a=;\", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58186"
},
{
"category": "external",
"summary": "RHBZ#2407250",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407250"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58186"
},
{
"category": "external",
"summary": "https://go.dev/cl/709855",
"url": "https://go.dev/cl/709855"
},
{
"category": "external",
"summary": "https://go.dev/issue/75672",
"url": "https://go.dev/issue/75672"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4012",
"url": "https://pkg.go.dev/vuln/GO-2025-4012"
}
],
"release_date": "2025-10-29T22:10:13.912000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang.org/net/http: Lack of limit when parsing cookies can cause memory exhaustion in net/http"
},
{
"cve": "CVE-2025-58187",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:54.130980+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407259"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in golang\u0027s crypto/x509 module. Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58187"
},
{
"category": "external",
"summary": "RHBZ#2407259",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407259"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58187"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4",
"url": "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4"
},
{
"category": "external",
"summary": "https://go.dev/cl/709854",
"url": "https://go.dev/cl/709854"
},
{
"category": "external",
"summary": "https://go.dev/issue/75681",
"url": "https://go.dev/issue/75681"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4007",
"url": "https://pkg.go.dev/vuln/GO-2025-4007"
}
],
"release_date": "2025-10-29T22:10:12.624000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509"
},
{
"cve": "CVE-2025-58188",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2025-10-29T23:01:39.787633+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407255"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vector has been discovered in the golang crypto/x509 module. An attacker could craft an intermediate X.509 certificate containing a DSA public key and can crash a remote host with an unauthenticated call to any endpoint that verifies the certificate chain.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Availability impacts are limited on Red Hat products as they do not affect the host systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58188"
},
{
"category": "external",
"summary": "RHBZ#2407255",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407255"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58188"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9",
"url": "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9"
},
{
"category": "external",
"summary": "https://go.dev/cl/709853",
"url": "https://go.dev/cl/709853"
},
{
"category": "external",
"summary": "https://go.dev/issue/75675",
"url": "https://go.dev/issue/75675"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4013",
"url": "https://pkg.go.dev/vuln/GO-2025-4013"
}
],
"release_date": "2025-10-29T22:10:14.143000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509"
},
{
"cve": "CVE-2025-58189",
"cwe": {
"id": "CWE-117",
"name": "Improper Output Neutralization for Logs"
},
"discovery_date": "2025-10-29T23:01:57.740310+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407260"
}
],
"notes": [
{
"category": "description",
"text": "The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58189"
},
{
"category": "external",
"summary": "RHBZ#2407260",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407260"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58189"
},
{
"category": "external",
"summary": "https://go.dev/cl/707776",
"url": "https://go.dev/cl/707776"
},
{
"category": "external",
"summary": "https://go.dev/issue/75652",
"url": "https://go.dev/issue/75652"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4008",
"url": "https://pkg.go.dev/vuln/GO-2025-4008"
}
],
"release_date": "2025-10-29T22:10:12.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information"
},
{
"cve": "CVE-2025-58190",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-05T18:01:26.511908+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437110"
}
],
"notes": [
{
"category": "description",
"text": "The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) in an exposed go application if an attacker provides specially crafted HTML content.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58190"
},
{
"category": "external",
"summary": "RHBZ#2437110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437110"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58190",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58190"
},
{
"category": "external",
"summary": "https://github.com/golang/vulndb/issues/4441",
"url": "https://github.com/golang/vulndb/issues/4441"
},
{
"category": "external",
"summary": "https://go.dev/cl/709875",
"url": "https://go.dev/cl/709875"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c",
"url": "https://groups.google.com/g/golang-announce/c/jnQcOYpiR2c"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4441",
"url": "https://pkg.go.dev/vuln/GO-2026-4441"
}
],
"release_date": "2026-02-05T17:48:44.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/html: Infinite parsing loop in golang.org/x/net"
},
{
"cve": "CVE-2025-61723",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:29.304260+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407252"
}
],
"notes": [
{
"category": "description",
"text": "A potential denial of service flaw has been discovered in the golang encoding/pem module. Due to the design of the PEM parsing function, the processing time for some\ninputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs and may result in an unresponsive program should an attacker exploit it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61723"
},
{
"category": "external",
"summary": "RHBZ#2407252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407252"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61723"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b",
"url": "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b"
},
{
"category": "external",
"summary": "https://go.dev/cl/709858",
"url": "https://go.dev/cl/709858"
},
{
"category": "external",
"summary": "https://go.dev/issue/75676",
"url": "https://go.dev/issue/75676"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4009",
"url": "https://pkg.go.dev/vuln/GO-2025-4009"
}
],
"release_date": "2025-10-29T22:10:13.220000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem"
},
{
"cve": "CVE-2025-61724",
"cwe": {
"id": "CWE-1046",
"name": "Creation of Immutable Text Using String Concatenation"
},
"discovery_date": "2025-10-29T23:01:47.202663+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407257"
}
],
"notes": [
{
"category": "description",
"text": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61724"
},
{
"category": "external",
"summary": "RHBZ#2407257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61724"
},
{
"category": "external",
"summary": "https://go.dev/cl/709859",
"url": "https://go.dev/cl/709859"
},
{
"category": "external",
"summary": "https://go.dev/issue/75716",
"url": "https://go.dev/issue/75716"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4015",
"url": "https://pkg.go.dev/vuln/GO-2025-4015"
}
],
"release_date": "2025-10-29T22:10:14.609000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto"
},
{
"cve": "CVE-2025-61725",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:18.805163+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407249"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation which when parsing large domain-literal components, could cause excessive CPU consumption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/mail: Excessive CPU consumption in ParseAddress in net/mail",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61725"
},
{
"category": "external",
"summary": "RHBZ#2407249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61725"
},
{
"category": "external",
"summary": "https://go.dev/cl/709860",
"url": "https://go.dev/cl/709860"
},
{
"category": "external",
"summary": "https://go.dev/issue/75680",
"url": "https://go.dev/issue/75680"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4006",
"url": "https://pkg.go.dev/vuln/GO-2025-4006"
}
],
"release_date": "2025-10-29T22:10:12.255000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61727",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2025-12-03T20:01:21.730501+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418677"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package in the Go standard library. This vulnerability allows a certificate validation bypass via an excluded subdomain constraint in a certificated chain as it does not restrict the usage of wildcard SANs in the leaf certificate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to obtain a leaf certificate with a wildcard SAN (e.g., *.example.com) and the legitimate certificate policy must contain an excluded DNS name constraint (e.g., to prevent issuance for test.example.com), allowing an application using the crypto/x509 package to validate the certificate when it should have been rejected and to be vulnerable to MITM (man-in-the-middle) attacks. Additionally, the attacker does not have full control of what data can be read of modified during the attack. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61727"
},
{
"category": "external",
"summary": "RHBZ#2418677",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418677"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61727"
},
{
"category": "external",
"summary": "https://go.dev/cl/723900",
"url": "https://go.dev/cl/723900"
},
{
"category": "external",
"summary": "https://go.dev/issue/76442",
"url": "https://go.dev/issue/76442"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4175",
"url": "https://pkg.go.dev/vuln/GO-2025-4175"
}
],
"release_date": "2025-12-03T19:37:15.054000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-61730",
"cwe": {
"id": "CWE-325",
"name": "Missing Cryptographic Step"
},
"discovery_date": "2026-01-28T20:01:36.508659+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434430"
}
],
"notes": [
{
"category": "description",
"text": "A TLS connection handling flaw has been discovered in the golang crypto/tls library. During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The data leak after exploitation of this vulnerability is minor, data such as Handshake message contents that should have been processed only after switching to a stronger TLS 1.3 encryption level, Protocol state details such as which handshake message was processed when, Timing and ordering information about the TLS 1.3 state.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61730"
},
{
"category": "external",
"summary": "RHBZ#2434430",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434430"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61730",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61730"
},
{
"category": "external",
"summary": "https://go.dev/cl/724120",
"url": "https://go.dev/cl/724120"
},
{
"category": "external",
"summary": "https://go.dev/issue/76443",
"url": "https://go.dev/issue/76443"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4340",
"url": "https://pkg.go.dev/vuln/GO-2026-4340"
}
],
"release_date": "2026-01-28T19:30:30.986000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls"
},
{
"cve": "CVE-2025-61731",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:45.587773+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434433"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in cmd/go. An attacker can exploit this by building a malicious Go source file that uses the \u0027#cgo pkg-config:\u0027 directive. This allows the attacker to write to an arbitrary file with partial control over its content, by providing a \u0027--log-file\u0027 argument to the pkg-config command. This vulnerability can lead to arbitrary file write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is Important rather than Moderate because compiling a malicious Go source file can cause `pkg-config` to create or append data to files at attacker-chosen locations, subject to the permissions of the build user. This can enable unintended filesystem modifications during the build process, which can lead to broken builds, alter tool behavior, and poison caches or artifacts, even without direct code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61731"
},
{
"category": "external",
"summary": "RHBZ#2434433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434433"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61731",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61731"
},
{
"category": "external",
"summary": "https://go.dev/cl/736711",
"url": "https://go.dev/cl/736711"
},
{
"category": "external",
"summary": "https://go.dev/issue/77100",
"url": "https://go.dev/issue/77100"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4339",
"url": "https://pkg.go.dev/vuln/GO-2026-4339"
}
],
"release_date": "2026-01-28T19:30:30.844000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive"
},
{
"cve": "CVE-2025-61732",
"discovery_date": "2026-02-05T05:00:47.678207+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s \u0027cgo tool\u0027. This vulnerability arises from a discrepancy in how Go and C/C++ comments are parsed, which allows for malicious code to be hidden within comments and then \"smuggled\" into the compiled `cgo` binary. An attacker could exploit this to embed and execute arbitrary code, potentially leading to significant system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important vulnerability in the `cmd/cgo` component of the Go toolchain. A parsing discrepancy between Go and C/C++ comments could allow for code smuggling into the resulting `cgo` binary. This primarily affects systems where untrusted Go modules utilizing `cgo` are built, impacting Red Hat Enterprise Linux and OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61732"
},
{
"category": "external",
"summary": "RHBZ#2437016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61732",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61732"
},
{
"category": "external",
"summary": "https://go.dev/cl/734220",
"url": "https://go.dev/cl/734220"
},
{
"category": "external",
"summary": "https://go.dev/issue/76697",
"url": "https://go.dev/issue/76697"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4433",
"url": "https://pkg.go.dev/vuln/GO-2026-4433"
}
],
"release_date": "2026-02-05T03:42:26.392000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cmd/cgo: Go cgo: Code smuggling due to comment parsing discrepancy"
},
{
"cve": "CVE-2025-68119",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-01-28T20:01:57.098669+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434438"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Golang\u0027s cmd/go module. This vulnerability allows a local attacker to achieve local code execution by downloading and building modules with specially crafted malicious version strings. On systems with Mercurial (hg) installed, this can occur when downloading modules from non-standard sources due to how external Version Control System (VCS) commands are constructed. Additionally, on systems with Git installed, providing malicious version strings to the toolchain can enable an attacker to write to arbitrary files on the filesystem. This issue is triggered by explicitly supplying these malicious version strings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated Moderate severity by Red Hat Product Security, because exploitation requires non-standard and intentional user behavior. \n\nThe attacker must explicitly supply a specially crafted module version string, which does not occur during normal Go module usage such as @latest or standard module paths, making the attack complexity high. \n\nAdditionally, user interaction is required, as the vulnerable behavior is only triggered when a user manually invokes the Go toolchain to download or build the malicious module.\n \nWhile successful exploitation can result in local code execution or arbitrary file modification, the combination of local access, manual input, and uncommon usage patterns significantly limits the likelihood of exploitation in typical environments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68119"
},
{
"category": "external",
"summary": "RHBZ#2434438",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434438"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68119",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68119"
},
{
"category": "external",
"summary": "https://go.dev/cl/736710",
"url": "https://go.dev/cl/736710"
},
{
"category": "external",
"summary": "https://go.dev/issue/77099",
"url": "https://go.dev/issue/77099"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4338",
"url": "https://pkg.go.dev/vuln/GO-2026-4338"
}
],
"release_date": "2026-01-28T19:30:30.704000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u0027s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "cmd/go: cmd/go: Local code execution and arbitrary file write via malicious module version strings"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-25679",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2026-03-06T22:02:11.567841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445356"
}
],
"notes": [
{
"category": "description",
"text": "The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/url: Incorrect parsing of IPv6 host literals in net/url",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25679"
},
{
"category": "external",
"summary": "RHBZ#2445356",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445356"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25679"
},
{
"category": "external",
"summary": "https://go.dev/cl/752180",
"url": "https://go.dev/cl/752180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77578",
"url": "https://go.dev/issue/77578"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4601",
"url": "https://pkg.go.dev/vuln/GO-2026-4601"
}
],
"release_date": "2026-03-06T21:28:14.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "net/url: Incorrect parsing of IPv6 host literals in net/url"
},
{
"cve": "CVE-2026-27139",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-03-06T22:01:08.670782+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445335"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the golang `os` module. On Unix platforms, when listing the contents of a directory using File.ReadDir or File.Readdir the returned FileInfo could reference a file outside of the Root in which the File was opened. The impact of this escape is limited to reading metadata provided by lstat from arbitrary locations on the filesystem without permitting reading or writing files outside the root.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os: FileInfo can escape from a Root in golang os module",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27139"
},
{
"category": "external",
"summary": "RHBZ#2445335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27139",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27139"
},
{
"category": "external",
"summary": "https://go.dev/cl/749480",
"url": "https://go.dev/cl/749480"
},
{
"category": "external",
"summary": "https://go.dev/issue/77827",
"url": "https://go.dev/issue/77827"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk",
"url": "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4602",
"url": "https://pkg.go.dev/vuln/GO-2026-4602"
}
],
"release_date": "2026-03-06T21:28:14.451000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "os: FileInfo can escape from a Root in golang os module"
},
{
"cve": "CVE-2026-27141",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-02-26T20:09:11.626155+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2443104"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/http2. A remote attacker can exploit this vulnerability by sending specially crafted HTTP/2 frames, which are data packets used in the HTTP/2 protocol. Due to a missing check for null values, processing these specific frames (types 0x0a through 0x0f) can cause the server to crash. This leads to a Denial of Service (DoS) condition, making the affected server unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27141"
},
{
"category": "external",
"summary": "RHBZ#2443104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2443104"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27141"
},
{
"category": "external",
"summary": "https://go.dev/cl/746180",
"url": "https://go.dev/cl/746180"
},
{
"category": "external",
"summary": "https://go.dev/issue/77652",
"url": "https://go.dev/issue/77652"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4559",
"url": "https://pkg.go.dev/vuln/GO-2026-4559"
}
],
"release_date": "2026-02-26T18:50:31.830000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/net/http2: golang.org/x/net/http2: Denial of Service due to malformed HTTP/2 frames"
},
{
"cve": "CVE-2026-27143",
"cwe": {
"id": "CWE-733",
"name": "Compiler Optimization Removal or Modification of Security-critical Code"
},
"discovery_date": "2026-04-08T02:01:29.491546+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. The compiler fails to correctly check for integer overflow or underflow in arithmetic operations involving loop induction variables. As a result, the compiler allows invalid memory indexing to occur at runtime, potentially leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: possible memory corruption after bound check elimination",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is only exploitable in applications that contain a loop structure that relies on an induction variable. An induction variable is a variable that gets modified, usually incremented or decremented, by a predictable amount on each iteration. Inside the loop, the induction variable must be directly used as the index to access or modify elements within an array or a slice. Additionally, an attacker must be able to cause an integer overflow or underflow in the induction variable to trigger this issue. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27143"
},
{
"category": "external",
"summary": "RHBZ#2456342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27143",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27143"
},
{
"category": "external",
"summary": "https://go.dev/cl/763765",
"url": "https://go.dev/cl/763765"
},
{
"category": "external",
"summary": "https://go.dev/issue/78333",
"url": "https://go.dev/issue/78333"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4868",
"url": "https://pkg.go.dev/vuln/GO-2026-4868"
}
],
"release_date": "2026-04-08T01:06:57.168000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, strictly sanitize and enforce bounds checking on any untrusted user input that influences loop counters, iteration limits, or memory indices. If there is no integer overflow or underflow, the out-of-bounds access cannot occur.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: possible memory corruption after bound check elimination"
},
{
"cve": "CVE-2026-27144",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2026-04-08T02:01:22.896153+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the cmd/compile package in the Go standard library. A no-op interface conversion prevented the compiler from correctly identifying non-overlapping memory moves. As a result, the compiler allows unsafe memory move operations to occur at runtime, potentially causing data corruption, memory corruption or unexpected application behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: cmd/compile: no-op interface conversion bypasses overlap checking",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable in applications that contain a memory move or copy operation that is subject to a no-op (no-operation) interface conversion. Furthermore, the source and destination memory addresses involved in the move or copy must overlap and an attacker must be able to supply an input that triggers this specific operation. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27144"
},
{
"category": "external",
"summary": "RHBZ#2456340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27144",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27144"
},
{
"category": "external",
"summary": "https://go.dev/cl/763764",
"url": "https://go.dev/cl/763764"
},
{
"category": "external",
"summary": "https://go.dev/issue/78371",
"url": "https://go.dev/issue/78371"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4867",
"url": "https://pkg.go.dev/vuln/GO-2026-4867"
}
],
"release_date": "2026-04-08T01:06:56.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "To mitigate this issue, review code that performs memory copies or struct assignments. If data is being passed through an interface (such as \u0027any\u0027 or \u0027interface{}\u0027) just before a move operation, refactor the code to use concrete types or explicit pointers instead.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: cmd/compile: no-op interface conversion bypasses overlap checking"
},
{
"cve": "CVE-2026-32281",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-04-08T02:01:00.930989+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `crypto/x509` package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service (DoS) for applications or systems performing certificate validation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw occurs during the validation of otherwise trusted certificate chains that contain a large number of policy mappings, leading to excessive resource consumption. Exploitation requires an attacker to present a specially crafted, yet trusted, certificate chain which would require the attacker has already compromised a trusted certificate root. Red Hat continuously monitors certificate authorities and curates the set which is trusted by default for Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32281"
},
{
"category": "external",
"summary": "RHBZ#2456333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32281"
},
{
"category": "external",
"summary": "https://go.dev/cl/758061",
"url": "https://go.dev/cl/758061"
},
{
"category": "external",
"summary": "https://go.dev/issue/78281",
"url": "https://go.dev/issue/78281"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4946",
"url": "https://pkg.go.dev/vuln/GO-2026-4946"
}
],
"release_date": "2026-04-08T01:06:58.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation"
},
{
"cve": "CVE-2026-32282",
"cwe": {
"id": "CWE-367",
"name": "Time-of-check Time-of-use (TOCTOU) Race Condition"
},
"discovery_date": "2026-04-08T02:01:12.683211+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the `Root.Chmod` function is replaced with a symbolic link during execution, specifically after `Root.Chmod` checks the target but before acting, the `chmod` operation will be performed on the file the symbolic link points to. This issue can bypass directory restrictions and lead to unauthorized permission changes on the filesystem.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs access to the system and the required permissions to create a symbolic link. Additionally, the attacker must swap the target file with a symbolic link in the exact window after the `Root.Chmod` function checks its target but before acting. Due to these conditions, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32282"
},
{
"category": "external",
"summary": "RHBZ#2456336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32282"
},
{
"category": "external",
"summary": "https://go.dev/cl/763761",
"url": "https://go.dev/cl/763761"
},
{
"category": "external",
"summary": "https://go.dev/issue/78293",
"url": "https://go.dev/issue/78293"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4864",
"url": "https://pkg.go.dev/vuln/GO-2026-4864"
}
],
"release_date": "2026-04-08T01:06:55.953000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root"
},
{
"cve": "CVE-2026-32283",
"cwe": {
"id": "CWE-764",
"name": "Multiple Locks of a Critical Resource"
},
"discovery_date": "2026-04-08T02:01:16.213799+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456338"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `crypto/tls` package within the Go (golang) standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock, leading to uncontrolled consumption of resources and ultimately a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"category": "external",
"summary": "RHBZ#2456338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32283",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"category": "external",
"summary": "https://go.dev/cl/763767",
"url": "https://go.dev/cl/763767"
},
{
"category": "external",
"summary": "https://go.dev/issue/78334",
"url": "https://go.dev/issue/78334"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4870",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
}
],
"release_date": "2026-04-08T01:06:57.670000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages"
},
{
"cve": "CVE-2026-32288",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-04-08T02:00:57.624222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Go\u0027s `archive/tar` package. A remote attacker could exploit this vulnerability by providing a maliciously-crafted archive file. When the `tar.Reader` processes an archive containing a large number of sparse regions in the \"old GNU sparse map\" format, it can lead to unbounded memory allocation. This can result in a Denial of Service (DoS) condition, making the affected application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32288"
},
{
"category": "external",
"summary": "RHBZ#2456332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32288",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32288"
},
{
"category": "external",
"summary": "https://go.dev/cl/763766",
"url": "https://go.dev/cl/763766"
},
{
"category": "external",
"summary": "https://go.dev/issue/78301",
"url": "https://go.dev/issue/78301"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4869",
"url": "https://pkg.go.dev/vuln/GO-2026-4869"
}
],
"release_date": "2026-04-08T01:06:57.416000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "archive/tar: golang: Go\u0027s archive/tar package: Denial of Service via maliciously-crafted archive"
},
{
"cve": "CVE-2026-32289",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2026-04-08T02:01:05.911683+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456334"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32289"
},
{
"category": "external",
"summary": "RHBZ#2456334",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456334"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32289"
},
{
"category": "external",
"summary": "https://go.dev/cl/763762",
"url": "https://go.dev/cl/763762"
},
{
"category": "external",
"summary": "https://go.dev/issue/78331",
"url": "https://go.dev/issue/78331"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4865",
"url": "https://pkg.go.dev/vuln/GO-2026-4865"
}
],
"release_date": "2026-04-08T01:06:56.297000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals"
},
{
"cve": "CVE-2026-33809",
"cwe": {
"id": "CWE-1285",
"name": "Improper Validation of Specified Index, Position, or Offset in Input"
},
"discovery_date": "2026-03-25T19:01:55.384019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451437"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image/tiff. A remote attacker could exploit this vulnerability by providing a maliciously crafted Tagged Image File Format (TIFF) file. This could cause the image decoding process to attempt to allocate up to 4 gigabytes (GiB) of memory. The excessive resource consumption or an out-of-memory error would lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33809"
},
{
"category": "external",
"summary": "RHBZ#2451437",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451437"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33809",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33809"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33809"
},
{
"category": "external",
"summary": "https://go.dev/cl/757660",
"url": "https://go.dev/cl/757660"
},
{
"category": "external",
"summary": "https://go.dev/issue/78267",
"url": "https://go.dev/issue/78267"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4815",
"url": "https://pkg.go.dev/vuln/GO-2026-4815"
}
],
"release_date": "2026-03-25T18:24:04.222000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file"
},
{
"cve": "CVE-2026-33813",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-04-21T20:01:02.224363+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460221"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/image. A remote attacker could exploit this vulnerability by providing a specially crafted WEBP image with an invalid, large size. This could cause the application to panic and crash on 32-bit platforms, leading to a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33813"
},
{
"category": "external",
"summary": "RHBZ#2460221",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460221"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33813",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33813"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33813"
},
{
"category": "external",
"summary": "https://go.dev/cl/759860",
"url": "https://go.dev/cl/759860"
},
{
"category": "external",
"summary": "https://go.dev/issue/78407",
"url": "https://go.dev/issue/78407"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4961",
"url": "https://pkg.go.dev/vuln/GO-2026-4961"
}
],
"release_date": "2026-04-21T19:21:27.644000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T14:24:10+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:golang1-25-main@aarch64",
"Red Hat Hardened Images:golang1-25-main@noarch",
"Red Hat Hardened Images:golang1-25-main@src",
"Red Hat Hardened Images:golang1-25-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang.org/x/image: golang: golang.org/x/image: Denial of Service via malformed WEBP image parsing"
}
]
}
SUSE-SU-2026:0439-1
Vulnerability from csaf_suse - Published: 2026-02-11 09:30 - Updated: 2026-02-11 09:30| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for apptainer",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for apptainer fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2024-45310: Fixed runc being tricked into creating empty \n files/directories on host (bsc#1257432)\n- CVE-2025-65105: Fixed security bypass due to disabling security \n options (bsc#1255462)\n- CVE-2025-47914: Fixed malformed constraint may cause denial of \n service in golang.org/x/crypto/ssh/agent (bsc#1253967)\n- CVE-2025-58181: Fixed unbounded memory consumption in \n golang.org/x/crypto/ssh (bsc#1253784)\n- CVE-2025-47913: Fixed potential denial of service in \n golang.org/x/crypto/ssh/agent (bsc#1253506)\n- CVE-2025-22872: Fixed incorrect Neutralization of Input During \n Web Page Generation in x/net (bsc#1241710)\n- CVE-2025-22870: Fixed HTTP Proxy bypass using IPv6 Zone IDs in \n golang.org/x/net (bsc#1238611)\n- CVE-2025-22869: Fixed potential denial of service in \n golang.org/x/crypto (bsc#1239322)\n- CVE-2025-27144: Fixed DoS in go-jose Parsing in \n github.com/go-jose/go-jose (bsc#1237608)\n- CVE-2025-8556: Fixed missing and wrong validation can lead \n to incorrect results in github.com/cloudflare/circl\n\nOther fixes:\n\n- Update to 1.4.5\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-439,SUSE-SLE-Module-HPC-15-SP7-2026-439,SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-439,openSUSE-SLE-15.6-2026-439",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_0439-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:0439-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20260439-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:0439-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-February/024109.html"
},
{
"category": "self",
"summary": "SUSE Bug 1237608",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "self",
"summary": "SUSE Bug 1238611",
"url": "https://bugzilla.suse.com/1238611"
},
{
"category": "self",
"summary": "SUSE Bug 1239322",
"url": "https://bugzilla.suse.com/1239322"
},
{
"category": "self",
"summary": "SUSE Bug 1241710",
"url": "https://bugzilla.suse.com/1241710"
},
{
"category": "self",
"summary": "SUSE Bug 1253506",
"url": "https://bugzilla.suse.com/1253506"
},
{
"category": "self",
"summary": "SUSE Bug 1253784",
"url": "https://bugzilla.suse.com/1253784"
},
{
"category": "self",
"summary": "SUSE Bug 1253967",
"url": "https://bugzilla.suse.com/1253967"
},
{
"category": "self",
"summary": "SUSE Bug 1255462",
"url": "https://bugzilla.suse.com/1255462"
},
{
"category": "self",
"summary": "SUSE Bug 1257432",
"url": "https://bugzilla.suse.com/1257432"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-45310 page",
"url": "https://www.suse.com/security/cve/CVE-2024-45310/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22869 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22870 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22872 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-27144 page",
"url": "https://www.suse.com/security/cve/CVE-2025-27144/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47914 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-58181 page",
"url": "https://www.suse.com/security/cve/CVE-2025-58181/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-65105 page",
"url": "https://www.suse.com/security/cve/CVE-2025-65105/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-8556 page",
"url": "https://www.suse.com/security/cve/CVE-2025-8556/"
}
],
"title": "Security update for apptainer",
"tracking": {
"current_release_date": "2026-02-11T09:30:02Z",
"generator": {
"date": "2026-02-11T09:30:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:0439-1",
"initial_release_date": "2026-02-11T09:30:02Z",
"revision_history": [
{
"date": "2026-02-11T09:30:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.4.5-150600.4.12.1.aarch64",
"product": {
"name": "apptainer-1.4.5-150600.4.12.1.aarch64",
"product_id": "apptainer-1.4.5-150600.4.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"product": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"product_id": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "squashfuse-0.5.0-150600.3.2.1.aarch64",
"product": {
"name": "squashfuse-0.5.0-150600.3.2.1.aarch64",
"product_id": "squashfuse-0.5.0-150600.3.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"product": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"product_id": "squashfuse-devel-0.5.0-150600.3.2.1.aarch64"
}
},
{
"category": "product_version",
"name": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"product": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"product_id": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libsquashfuse0-0.5.0-150600.3.2.1.i586",
"product": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.i586",
"product_id": "libsquashfuse0-0.5.0-150600.3.2.1.i586"
}
},
{
"category": "product_version",
"name": "squashfuse-0.5.0-150600.3.2.1.i586",
"product": {
"name": "squashfuse-0.5.0-150600.3.2.1.i586",
"product_id": "squashfuse-0.5.0-150600.3.2.1.i586"
}
},
{
"category": "product_version",
"name": "squashfuse-devel-0.5.0-150600.3.2.1.i586",
"product": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.i586",
"product_id": "squashfuse-devel-0.5.0-150600.3.2.1.i586"
}
},
{
"category": "product_version",
"name": "squashfuse-tools-0.5.0-150600.3.2.1.i586",
"product": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.i586",
"product_id": "squashfuse-tools-0.5.0-150600.3.2.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-leap-1.4.5-150600.4.12.1.noarch",
"product": {
"name": "apptainer-leap-1.4.5-150600.4.12.1.noarch",
"product_id": "apptainer-leap-1.4.5-150600.4.12.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"product": {
"name": "apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"product_id": "apptainer-sle15_6-1.4.5-150600.4.12.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"product": {
"name": "apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"product_id": "apptainer-sle15_7-1.4.5-150600.4.12.1.noarch"
}
},
{
"category": "product_version",
"name": "apptainer-sle16-1.4.5-150600.4.12.1.noarch",
"product": {
"name": "apptainer-sle16-1.4.5-150600.4.12.1.noarch",
"product_id": "apptainer-sle16-1.4.5-150600.4.12.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"product": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"product_id": "libsquashfuse0-0.5.0-150600.3.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "squashfuse-0.5.0-150600.3.2.1.ppc64le",
"product": {
"name": "squashfuse-0.5.0-150600.3.2.1.ppc64le",
"product_id": "squashfuse-0.5.0-150600.3.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"product": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"product_id": "squashfuse-devel-0.5.0-150600.3.2.1.ppc64le"
}
},
{
"category": "product_version",
"name": "squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"product": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"product_id": "squashfuse-tools-0.5.0-150600.3.2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"product": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"product_id": "libsquashfuse0-0.5.0-150600.3.2.1.s390x"
}
},
{
"category": "product_version",
"name": "squashfuse-0.5.0-150600.3.2.1.s390x",
"product": {
"name": "squashfuse-0.5.0-150600.3.2.1.s390x",
"product_id": "squashfuse-0.5.0-150600.3.2.1.s390x"
}
},
{
"category": "product_version",
"name": "squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"product": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"product_id": "squashfuse-devel-0.5.0-150600.3.2.1.s390x"
}
},
{
"category": "product_version",
"name": "squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"product": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"product_id": "squashfuse-tools-0.5.0-150600.3.2.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apptainer-1.4.5-150600.4.12.1.x86_64",
"product": {
"name": "apptainer-1.4.5-150600.4.12.1.x86_64",
"product_id": "apptainer-1.4.5-150600.4.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"product": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"product_id": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "squashfuse-0.5.0-150600.3.2.1.x86_64",
"product": {
"name": "squashfuse-0.5.0-150600.3.2.1.x86_64",
"product_id": "squashfuse-0.5.0-150600.3.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"product": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"product_id": "squashfuse-devel-0.5.0-150600.3.2.1.x86_64"
}
},
{
"category": "product_version",
"name": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"product": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"product_id": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-hpc:15:sp7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.4.5-150600.4.12.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64"
},
"product_reference": "apptainer-1.4.5-150600.4.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.4.5-150600.4.12.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64"
},
"product_reference": "apptainer-1.4.5-150600.4.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_7-1.4.5-150600.4.12.1.noarch as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch"
},
"product_reference": "apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-0.5.0-150600.3.2.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "squashfuse-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-0.5.0-150600.3.2.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "squashfuse-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64 as component of SUSE Linux Enterprise Module for HPC 15 SP7",
"product_id": "SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for HPC 15 SP7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.4.5-150600.4.12.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64"
},
"product_reference": "apptainer-1.4.5-150600.4.12.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.4.5-150600.4.12.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64"
},
"product_reference": "apptainer-1.4.5-150600.4.12.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.4.5-150600.4.12.1.noarch as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch"
},
"product_reference": "apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-0.5.0-150600.3.2.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "squashfuse-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-0.5.0-150600.3.2.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "squashfuse-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP6-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP6-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.4.5-150600.4.12.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64"
},
"product_reference": "apptainer-1.4.5-150600.4.12.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-1.4.5-150600.4.12.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64"
},
"product_reference": "apptainer-1.4.5-150600.4.12.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-leap-1.4.5-150600.4.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch"
},
"product_reference": "apptainer-leap-1.4.5-150600.4.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apptainer-sle15_6-1.4.5-150600.4.12.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch"
},
"product_reference": "apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le"
},
"product_reference": "libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x"
},
"product_reference": "libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-0.5.0-150600.3.2.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "squashfuse-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-0.5.0-150600.3.2.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le"
},
"product_reference": "squashfuse-0.5.0-150600.3.2.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-0.5.0-150600.3.2.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x"
},
"product_reference": "squashfuse-0.5.0-150600.3.2.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-0.5.0-150600.3.2.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "squashfuse-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le"
},
"product_reference": "squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x"
},
"product_reference": "squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-devel-0.5.0-150600.3.2.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64"
},
"product_reference": "squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.ppc64le as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le"
},
"product_reference": "squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.s390x as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x"
},
"product_reference": "squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64 as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
},
"product_reference": "squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45310",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-45310"
}
],
"notes": [
{
"category": "general",
"text": "runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack\u0027s scope but the exact scope of protection hasn\u0027t been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don\u0027t use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-45310",
"url": "https://www.suse.com/security/cve/CVE-2024-45310"
},
{
"category": "external",
"summary": "SUSE Bug 1230092 for CVE-2024-45310",
"url": "https://bugzilla.suse.com/1230092"
},
{
"category": "external",
"summary": "SUSE Bug 1257413 for CVE-2024-45310",
"url": "https://bugzilla.suse.com/1257413"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "low"
}
],
"title": "CVE-2024-45310"
},
{
"cve": "CVE-2025-22869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22869"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22869",
"url": "https://www.suse.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "SUSE Bug 1239322 for CVE-2025-22869",
"url": "https://bugzilla.suse.com/1239322"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "important"
}
],
"title": "CVE-2025-22869"
},
{
"cve": "CVE-2025-22870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22870"
}
],
"notes": [
{
"category": "general",
"text": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22870",
"url": "https://www.suse.com/security/cve/CVE-2025-22870"
},
{
"category": "external",
"summary": "SUSE Bug 1238572 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238572"
},
{
"category": "external",
"summary": "SUSE Bug 1238611 for CVE-2025-22870",
"url": "https://bugzilla.suse.com/1238611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22870"
},
{
"cve": "CVE-2025-22872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22872"
}
],
"notes": [
{
"category": "general",
"text": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22872",
"url": "https://www.suse.com/security/cve/CVE-2025-22872"
},
{
"category": "external",
"summary": "SUSE Bug 1241710 for CVE-2025-22872",
"url": "https://bugzilla.suse.com/1241710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-22872"
},
{
"cve": "CVE-2025-27144",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-27144"
}
],
"notes": [
{
"category": "general",
"text": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-27144",
"url": "https://www.suse.com/security/cve/CVE-2025-27144"
},
{
"category": "external",
"summary": "SUSE Bug 1237608 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237608"
},
{
"category": "external",
"summary": "SUSE Bug 1237609 for CVE-2025-27144",
"url": "https://bugzilla.suse.com/1237609"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "important"
}
],
"title": "CVE-2025-27144"
},
{
"cve": "CVE-2025-47913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47913"
}
],
"notes": [
{
"category": "general",
"text": "SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47913",
"url": "https://www.suse.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "SUSE Bug 1253506 for CVE-2025-47913",
"url": "https://bugzilla.suse.com/1253506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "important"
}
],
"title": "CVE-2025-47913"
},
{
"cve": "CVE-2025-47914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47914"
}
],
"notes": [
{
"category": "general",
"text": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47914",
"url": "https://www.suse.com/security/cve/CVE-2025-47914"
},
{
"category": "external",
"summary": "SUSE Bug 1253967 for CVE-2025-47914",
"url": "https://bugzilla.suse.com/1253967"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-47914"
},
{
"cve": "CVE-2025-58181",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-58181"
}
],
"notes": [
{
"category": "general",
"text": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-58181",
"url": "https://www.suse.com/security/cve/CVE-2025-58181"
},
{
"category": "external",
"summary": "SUSE Bug 1253784 for CVE-2025-58181",
"url": "https://bugzilla.suse.com/1253784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-58181"
},
{
"cve": "CVE-2025-65105",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-65105"
}
],
"notes": [
{
"category": "general",
"text": "Apptainer is an open source container platform. In Apptainer versions less than 1.4.5, a container can disable two of the forms of the little used --security option, in particular the forms --security=apparmor:\u003cprofile\u003e and --security=selinux:\u003clabel\u003e which otherwise put restrictions on operations that containers can do. The --security option has always been mentioned in Apptainer documentation as being a feature for the root user, although these forms do also work for unprivileged users on systems where the corresponding feature is enabled. Apparmor is enabled by default on Debian-based distributions and SElinux is enabled by default on RHEL-based distributions, but on SUSE it depends on the distribution version. This vulnerability is fixed in 1.4.5.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-65105",
"url": "https://www.suse.com/security/cve/CVE-2025-65105"
},
{
"category": "external",
"summary": "SUSE Bug 1255462 for CVE-2025-65105",
"url": "https://bugzilla.suse.com/1255462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "moderate"
}
],
"title": "CVE-2025-65105"
},
{
"cve": "CVE-2025-8556",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-8556"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in CIRCL\u0027s implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-8556",
"url": "https://www.suse.com/security/cve/CVE-2025-8556"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:apptainer-sle15_7-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Module for HPC 15 SP7:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-1.4.5-150600.4.12.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-0.5.0-150600.3.2.1.x86_64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"SUSE Linux Enterprise Server 15 SP6-LTSS:squashfuse-tools-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.aarch64",
"openSUSE Leap 15.6:apptainer-1.4.5-150600.4.12.1.x86_64",
"openSUSE Leap 15.6:apptainer-leap-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:apptainer-sle15_6-1.4.5-150600.4.12.1.noarch",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:libsquashfuse0-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-devel-0.5.0-150600.3.2.1.x86_64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.aarch64",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.ppc64le",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.s390x",
"openSUSE Leap 15.6:squashfuse-tools-0.5.0-150600.3.2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-11T09:30:02Z",
"details": "low"
}
],
"title": "CVE-2025-8556"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.