RHBA-2025:10841 - Bug Fix Advisory

Topic

Updated rhel-els container image is now available for use only by other Red Hat products.

Description

The rhel-els container image is designed and engineered to be used by other Red Hat products. This image is only supported for approved Red Hat products. This image is maintained by Red Hat and updated regularly.

Solution

The container image provided by this update is used only as the base layer for other Red Hat products. Direct use of this image is neither recommended nor supported.

Affected Products

• Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
• Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
• Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64

Fixes

• BZ - 2370010 - CVE-2025-4435 cpython: Tarfile extracts filtered members when errorlevel=0
• BZ - 2370013 - CVE-2024-12718 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
• BZ - 2370014 - CVE-2025-4330 cpython: python: Extraction filter bypass for linking outside extraction directory
• BZ - 2370016 - CVE-2025-4517 python: cpython: Arbitrary writes via tarfile realpath overflow
• BZ - 2372426 - CVE-2025-4138 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory

CVEs

• CVE-2024-12718
• CVE-2025-4138
• CVE-2025-4330
• CVE-2025-4435
• CVE-2025-4517
• CVE-2025-6020

References

(none)