RHSA-2026:0934
Vulnerability from csaf_redhat - Published: 2026-01-22 04:35 - Updated: 2026-01-22 22:16Summary
Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements
Notes
Topic
Release of OpenShift Serverless Logic 1.36.0
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This release includes CVE bug fixes:
* CVE-2024-12718 python3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-30749 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-40778 python3-bind-9.11.36-16.el8_10.4.noarch bind-license-9.11.36-16.el8_10.4.noarch bind-libs-9.11.36-16.el8_10.4.x86_64 bind-libs-lite-9.11.36-16.el8_10.4.x86_64 bind-utils-9.11.36-16.el8_10.4.x86_64 RHSA-2025:19835
* CVE-2025-4138 platform-python-3.6.8-69.el8_10.x86_64 python3-libs-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-4517 python3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64 RHSA-2025:10128
* CVE-2025-49794 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:10698
* CVE-2025-49796 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:10698
* CVE-2025-50059 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-50106 java-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64, java-17-openjdk-17.0.15.0.6-2.el8.x86_64java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64 RHSA-2025:10867
* CVE-2025-58060 cups-libs-2.2.6-62.el8_10.x86_64 RHSA-2025:15702
* CVE-2025-5914 libarchive-3.3.3-5.el8.x86_64 RHSA-2025:14135
* CVE-2025-59375 expat-2.2.5-17.el8_10.x86_64 RHSA-2025:21776
* CVE-2025-6020 pam-1.3.1-36.el8_10.x86_64 RHSA-2025:10027
* CVE-2025-6965 sqlite-libs-3.26.0-19.el8_9.x86_64 RHSA-2025:12010
* CVE-2025-7425 libxml2-2.9.7-19.el8_10.x86_64 RHSA-2025:12450
* CVE-2025-8941 pam-1.3.1-36.el8_10.x86_64 RHSA-2025:14557
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of OpenShift Serverless Logic 1.36.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release includes CVE bug fixes:\n* CVE-2024-12718\tpython3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-30749\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-40778\tpython3-bind-9.11.36-16.el8_10.4.noarch bind-license-9.11.36-16.el8_10.4.noarch bind-libs-9.11.36-16.el8_10.4.x86_64 bind-libs-lite-9.11.36-16.el8_10.4.x86_64 bind-utils-9.11.36-16.el8_10.4.x86_64\tRHSA-2025:19835\n* CVE-2025-4138\tplatform-python-3.6.8-69.el8_10.x86_64 python3-libs-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-4517\tpython3-libs-3.6.8-69.el8_10.x86_64 platform-python-3.6.8-69.el8_10.x86_64\tRHSA-2025:10128\n* CVE-2025-49794\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:10698\n* CVE-2025-49796\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:10698\n* CVE-2025-50059\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64java-17-openjdk-17.0.15.0.6-2.el8.x86_64 java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-50106\tjava-17-openjdk-devel-17.0.15.0.6-2.el8.x86_64, java-17-openjdk-17.0.15.0.6-2.el8.x86_64java-17-openjdk-headless-17.0.15.0.6-2.el8.x86_64\tRHSA-2025:10867\n* CVE-2025-58060\tcups-libs-2.2.6-62.el8_10.x86_64\tRHSA-2025:15702\n* CVE-2025-5914\tlibarchive-3.3.3-5.el8.x86_64\tRHSA-2025:14135\n* CVE-2025-59375\texpat-2.2.5-17.el8_10.x86_64\tRHSA-2025:21776\n* CVE-2025-6020\tpam-1.3.1-36.el8_10.x86_64\tRHSA-2025:10027\n* CVE-2025-6965\tsqlite-libs-3.26.0-19.el8_9.x86_64\tRHSA-2025:12010\n* CVE-2025-7425\tlibxml2-2.9.7-19.el8_10.x86_64\tRHSA-2025:12450\n* CVE-2025-8941\tpam-1.3.1-36.el8_10.x86_64\tRHSA-2025:14557",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:0934",
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2376783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376783"
},
{
"category": "external",
"summary": "2376785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376785"
},
{
"category": "external",
"summary": "2379031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379031"
},
{
"category": "external",
"summary": "2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "2392595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595"
},
{
"category": "external",
"summary": "2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0934.json"
}
],
"title": "Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update \u0026 enhancements",
"tracking": {
"current_release_date": "2026-01-22T22:16:57+00:00",
"generator": {
"date": "2026-01-22T22:16:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2026:0934",
"initial_release_date": "2026-01-22T04:35:39+00:00",
"revision_history": [
{
"date": "2026-01-22T04:35:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-22T04:35:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-22T22:16:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "8Base-Openshift-Serverless-1.36",
"product": {
"name": "8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_serverless:1.36::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Serverless"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.36.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6?arch=arm64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product_id": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-ephemeral-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product_id": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-data-index-postgresql-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product_id": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-db-migrator-tool-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-ephemeral-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product_id": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-jobs-service-postgresql-rhel8\u0026tag=1.36.0-10"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product_id": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8\u0026tag=1.36.0-4"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product_id": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-management-console-rhel8\u0026tag=1.36.0-9"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product_id": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-operator-bundle\u0026tag=1.36.0-12"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product_id": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-rhel8-operator\u0026tag=1.36.0-18"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product_id": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-builder-rhel8\u0026tag=1.36.0-11"
}
}
},
{
"category": "product_version",
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product_id": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c?arch=amd64\u0026repository_url=registry.redhat.io/openshift-serverless-1/logic-swf-devmode-rhel8\u0026tag=1.36.0-7"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64"
},
"product_reference": "openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64"
},
"product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64"
},
"product_reference": "openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64"
},
"product_reference": "openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64"
},
"product_reference": "openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64"
},
"product_reference": "openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64 as a component of 8Base-Openshift-Serverless-1.36",
"product_id": "8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
},
"product_reference": "openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64",
"relates_to_product_reference": "8Base-RHOSS-1.36"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12718",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:00:57.613538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370013"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CPython\u0027s tarfile module. This vulnerability allows modification of file metadata, such as timestamps or permissions, outside the intended extraction directory via maliciously crafted tar archives using the filter=\"data\" or filter=\"tar\" extraction filters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12718"
},
{
"category": "external",
"summary": "RHBZ#2370013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370013"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12718"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/127987",
"url": "https://github.com/python/cpython/issues/127987"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:10.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypass extraction filter to modify file metadata outside extraction directory"
},
{
"cve": "CVE-2025-4138",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T09:03:58.434950+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372426"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Python tarfile module. This vulnerability allows attackers to bypass extraction filters, enabling symlink targets to escape the destination directory and allowing unauthorized modification of file metadata via the use of TarFile.extract() or TarFile.extractall() with the filter= parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Versions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4138"
},
{
"category": "external",
"summary": "RHBZ#2372426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372426"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4138"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:59:02.717000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Red Hat recommends upgrading to a fixed release of Python as soon as one is available. This vulnerability can be mitigated by rejecting links inside tarfiles that use relative references to the parent directory. The upstream advisory provides this example code:\n\n\u0027\u0027\u0027\n# Avoid insecure segments in link names.\nfor member in tar.getmembers():\n if not member.islnk():\n continue\n if os.pardir in os.path.split(member.linkname):\n raise OSError(\"Tarfile with insecure segment (\u0027..\u0027) in linkname\")\n\n# Now safe to extract members with the data filter.\ntar.extractall(filter=\"data\")\n\u0027\u0027\u0027",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-03T14:01:12.271192+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370016"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the CPython tarfile module. This vulnerability allows arbitrary filesystem writes outside the extraction directory via extracting untrusted tar archives using the TarFile.extractall() or TarFile.extract() methods with the extraction filter parameter set to \"data\" or \"tar\".",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: cpython: Arbitrary writes via tarfile realpath overflow",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability was lowered due to the fact that successful exploitation requires the attacker to convince a privileged user or process to extract a malicious tar file. Since tar file extraction typically occurs in trusted contexts or with elevated privileges, the impact is reduced by the requirement of such access.\n\nVersions of python36:3.6/python36 as shipped with Red Hat Enterprise Linux 8 are marked as \u0027Not affected\u0027 as they just provide \"symlinks\" to the main python3 component, which provides the actual interpreter of the Python programming language.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4517"
},
{
"category": "external",
"summary": "RHBZ#2370016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370016"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4517"
},
{
"category": "external",
"summary": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f",
"url": "https://gist.github.com/sethmlarson/52398e33eff261329a0180ac1d54f42f"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a",
"url": "https://github.com/python/cpython/commit/3612d8f51741b11f36f8fb0494d79086bac9390a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a",
"url": "https://github.com/python/cpython/commit/9e0ac76d96cf80b49055f6d6b9a6763fb9215c2a"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/issues/135034",
"url": "https://github.com/python/cpython/issues/135034"
},
{
"category": "external",
"summary": "https://github.com/python/cpython/pull/135037",
"url": "https://github.com/python/cpython/pull/135037"
},
{
"category": "external",
"summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/",
"url": "https://mail.python.org/archives/list/security-announce@python.org/thread/MAXIJJCUUMCL7ATZNDVEGGHUMQMUUKLG/"
}
],
"release_date": "2025-06-03T12:58:50.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: cpython: Arbitrary writes via tarfile realpath overflow"
},
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as Important because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"acknowledgments": [
{
"names": [
"Sergei Glazunov"
],
"organization": "Google Project Zero"
}
],
"cve": "CVE-2025-7425",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2025-07-10T09:37:28.172000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379274"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This heap-use-after-free vulnerability in libxslt is rated Important because it can lead to memory corruption and application crashes. The flaw arises when internal attribute metadata (atype) is modified by libxslt\u0027s xsltSetSourceNodeFlags() function during processing of result tree fragments. If the flag corruption prevents proper removal of ID references, later memory cleanup routines may operate on already-freed memory. Since libxslt is commonly used in server-side XML processing, this could result in denial-of-service or potentially facilitate code execution under certain memory reuse conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-7425"
},
{
"category": "external",
"summary": "RHBZ#2379274",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379274"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-7425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7425"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/140"
}
],
"release_date": "2025-07-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
},
{
"cve": "CVE-2025-30749",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-07T10:35:26.542000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376783"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Better Glyph drawing (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30749"
},
{
"category": "external",
"summary": "RHBZ#2376783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30749",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30749",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30749"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Better Glyph drawing (Oracle CPU 2025-07)"
},
{
"cve": "CVE-2025-40778",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-10-22T15:07:23.729000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2405827"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability exists in BIND\u2019s DNS resolver logic that makes it overly permissive when accepting resource records (RRs) in responses. Under certain conditions, this flaw allows attackers to inject unsolicited or forged DNS records into the cache. This can be exploited to poison the resolver cache, redirecting clients to malicious domains or unauthorized servers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind: Cache poisoning attacks with unsolicited RRs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "It is classified as Important rather than Critical because its impact is limited to cache poisoning within recursive resolvers and does not allow direct code execution, privilege escalation, or service disruption. The vulnerability affects the accuracy of DNS responses, but not the availability or confidentiality of systems. Additionally, DNSSEC-enabled deployments and restricted recursive access can significantly mitigate exploitation risks. Therefore, while the flaw can misdirect network traffic and compromise trust in name resolution, it does not directly compromise the underlying server or client systems, justifying an Important \u2014 but not Critical \u2014 severity rating.\n\nTechnical Analysis:\nThe issue arises because BIND fails to strictly validate unsolicited resource records accompanying legitimate DNS responses. This gap allows forged recursive resolvers to be cached as valid entries. Since the attack is remote, requires no authentication, and exploits a low-complexity vector, it is highly impactful in recursive resolver environments\u2014especially those exposed to untrusted clients or open resolvers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-40778"
},
{
"category": "external",
"summary": "RHBZ#2405827",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2405827"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-40778",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-40778"
}
],
"release_date": "2025-10-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "While it is not possible to eliminate risk from this vulnerability, there are several options for reducing the risk. These include restricting recursive queries to trusted or internal networks only, and apply rate limiting or firewall rules to prevent excessive or repetitive requests. Enabling DNSSEC validation helps reject forged records, while isolating recursive resolvers from authoritative servers limits the impact of potential cache poisoning. Active monitoring of CPU usage, query volume, and cache anomalies can provide early warning of abuse or attacks.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind: Cache poisoning attacks with unsolicited RRs"
},
{
"cve": "CVE-2025-49794",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-06-11T21:33:43.044000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372373"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program\u0027s crash using libxml or other possible undefined behaviors.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was rated with a severity impact of Important by Red Hat Product Security, as libxml can be used to parse XML coming from the network depending on how the program consumes it and uses the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49794"
},
{
"category": "external",
"summary": "RHBZ#2372373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372373"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49794"
}
],
"release_date": "2025-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than avoid processing untrusted XML documents before updating to the libxml version containing the fix.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-06-12T00:35:26.470000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372385"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml: Type confusion leads to Denial of service (DoS)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has evaluated this vulnerability as having an Important security impact, as libxml can be used to parse XML from the network depending on how the program consumes it using the library. Additionally, although the initial report shows a crash due to invalid memory access (A:H), other undefined issues that can present data integrity due to the application overwriting sensitive data are not discarded (I:H).",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-49796"
},
{
"category": "external",
"summary": "RHBZ#2372385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-49796",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49796"
}
],
"release_date": "2025-06-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "There\u0027s no available mitigation other than to avoid processing untrusted XML documents if the user is unable/unwilling to update the library.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml: Type confusion leads to Denial of service (DoS)"
},
{
"cve": "CVE-2025-50059",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2025-07-07T10:48:25.047000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2376785"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. While the vulnerability is in Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50059"
},
{
"category": "external",
"summary": "RHBZ#2376785",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376785"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50059",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50059",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50059"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)"
},
{
"cve": "CVE-2025-50106",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2025-07-09T15:41:11.313000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2379031"
}
],
"notes": [
{
"category": "description",
"text": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1; Oracle GraalVM Enterprise Edition: 21.3.14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50106"
},
{
"category": "external",
"summary": "RHBZ#2379031",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379031"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50106",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50106",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50106"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA",
"url": "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixJAVA"
}
],
"release_date": "2025-07-15T20:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)"
},
{
"acknowledgments": [
{
"names": [
"Hristo Venev"
]
}
],
"cve": "CVE-2025-58060",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2025-09-02T12:06:54.304000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392595"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in CUPS, a widely used printing service on Linux and UNIX-like systems. The issue arises when authentication is configured to use a method other than Basic, but the attacker sends an HTTP request with a Basic authentication header. Due to improper validation in the cupsdAuthorize() function, the password is not checked. This vulnerability allows attackers to bypass authentication entirely, resulting in unauthorized access to administrative functions and system configuration.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cups: Authentication Bypass in CUPS Authorization Handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Important, given that it enables complete authentication bypass. Exploitation requires no valid credentials and can be performed remotely in some configurations. Attackers could gain administrative privileges in CUPS, modify critical configuration files, or potentially escalate their access further depending on the system environment. The root cause is a missing authentication check when the AuthType is set to values other than Basic but a Basic authorization header is supplied.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58060"
},
{
"category": "external",
"summary": "RHBZ#2392595",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392595"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58060",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58060",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58060"
}
],
"release_date": "2025-09-11T13:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability. It is strongly advised to apply vendor-supplied patches as soon as they are released to address this authentication bypass vulnerability.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cups: Authentication Bypass in CUPS Authorization Handling"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classify as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74",
"url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/issues/1018",
"url": "https://github.com/libexpat/libexpat/issues/1018"
},
{
"category": "external",
"summary": "https://github.com/libexpat/libexpat/pull/1034",
"url": "https://github.com/libexpat/libexpat/pull/1034"
},
{
"category": "external",
"summary": "https://issues.oss-fuzz.com/issues/439133977",
"url": "https://issues.oss-fuzz.com/issues/439133977"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-22T04:35:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:0934"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:215d1630f58ae5bfb0e1d37f39af05af76cbd76b944719cd19586836d133d744_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:5c56a7766667f767be1caf592bbffac12ec7faf11604ff8c07f74b737299396c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-ephemeral-rhel8@sha256:a7bc7836315c4cd780bd7ffb107c4766002338064688ab32d867e31f71555ec0_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:325ba169cd6a0997ecef78c9bbca638c16f014f6543b1a2e82b61f59fba9e96b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:47e272e4d713c566ef0bd8007bd78b6d28825607ec5b50b75ffe1c2b31b50711_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-data-index-postgresql-rhel8@sha256:5471e98d5131187f6610009cb438df50fe4fed9ab579ec83ab77da7c3bc6bb5b_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:3f43a82674556552e2810f752d02ac57dcc49b18aa8069b71d24509767468874_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:42d92634b80d989a8fa7c643208808e7086a51250fbc97db70b85df0e060720b_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-db-migrator-tool-rhel8@sha256:a686bf1195c72e3f9098da8b1ae07d41a955f02060b00f1a7df61c7e6c6cb05a_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:123a0cc1671c538b32253df3ffe87b34e76d57ce591cef090ab622a259c82999_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:83f82a69d50613cb57e29c6ed91517a2bd3727229606746984c2d198151bfc51_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-ephemeral-rhel8@sha256:fa7aa68cbc334378d04020e573d1519fad14883a79dad86bcb229bd2ff5ed210_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:a561456600b960f618b60378d4d550c05ff7e48c05905725ec0dbdc9078ce557_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:d2040b3ca4cbbacf14a0c8140479c0539810aa62c3cce0a0cf3dcf9aad99333c_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-jobs-service-postgresql-rhel8@sha256:dc2d68799c2ab0324aab78d9b4317c9e3ffccbd459af2df099b8914bcc5431fa_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:0c1d73a9cdd16a603dec682dee19b1755590674f28c45d1393da227ceb528714_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-kn-workflow-cli-artifacts-rhel8@sha256:2b0b736c3f003557cc13e07c62153dcf693c6f023369dbe574f29167d7457993_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-management-console-rhel8@sha256:5da036d39d3bcd61641926d480ddefb02ef3f84630b7f9975a0ba0c757c5561c_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:1952b244eefe4a9befb32feb68517ba3cb33dabda85193304f8cf1865a983e12_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:3a7ac84bbdb706e4bbce0fed2e3c6b8c4cd14d12deee77470ac623198f0fe2f4_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-operator-bundle@sha256:82cab0630e0615a70f4a48aceca9ead900324a48b4d5e992f5f5d7b5f4186add_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:11ceb16782fc88337bdf1e25dea2450ef0a18f5e626ff66805f8139b87f1af0a_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:14121fa98dfdd1fe005140c16fc1d8c4534bfdadc200c361b96fff26864d5537_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-rhel8-operator@sha256:810ebae2db120891302d6d2c1a6878dd4f4f3c483c3842063ed3748df8a56e1e_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:888a3e0e145bbba887a28affa275a5b70d6d492cf2510e232db3b76d3cf45409_amd64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:8fdbbf0b40b85381aa8c5ec6f799f5856ca7a2fdf63230cadbd3a5d26ed471e3_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-builder-rhel8@sha256:b7a73d5750b374412a1d80318671f2f64f64fa4145b69cae4f8ae71b54519559_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:2cd2cd2e6975fdf774ea27bfb57c7c918b1177d1b5247d91052723bf6a44dd57_ppc64le",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:3f8da099dd2d7b4d0a3d5cd7016b551fdfd7d3d32ed74757db297470a04ee9e6_arm64",
"8Base-RHOSS-1.36:openshift-serverless-1/logic-swf-devmode-rhel8@sha256:c43f449ced50cfc662e9cf17dfa9af697d7fb6c816cc7849a68a0f5b5298d14c_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…