Red Hat Product Errata RHSA-2025:11386 - Security Advisory
Issued:
2025-07-17
Updated:
2025-07-17

RHSA-2025:11386 - Security Advisory

Synopsis

Important: updated RHEL-8 based Middleware Containers container images

Type/Severity

Security Advisory: Important

Topic

Updated RHEL-8 based Middleware Containers container images are now available

Description

The RHEL-8 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2025:10698 (see References)

Users of RHEL-8 based Middleware Containers container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The RHEL-8 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat OpenShift Container Platform 4.12 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.11 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform 4.10 for RHEL 8 x86_64

Fixes

  • BZ - 2370010 - CVE-2025-4435 cpython: Tarfile extracts filtered members when errorlevel=0
  • BZ - 2370013 - CVE-2024-12718 cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
  • BZ - 2370014 - CVE-2025-4330 cpython: python: Extraction filter bypass for linking outside extraction directory
  • BZ - 2370016 - CVE-2025-4517 python: cpython: Arbitrary writes via tarfile realpath overflow
  • BZ - 2372373 - CVE-2025-49794 libxml: Heap use after free (UAF) leads to Denial of service (DoS)
  • BZ - 2372385 - CVE-2025-49796 libxml: Type confusion leads to Denial of service (DoS)
  • BZ - 2372406 - CVE-2025-6021 libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2
  • BZ - 2372426 - CVE-2025-4138 cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
  • BZ - 2372512 - CVE-2025-6020 linux-pam: Linux-pam directory Traversal

x86_64

rhpam-7/rhpam-businesscentral-monitoring-rhel8@sha256:2e80c3dfa1f6626a9e04ea73d166ba1f76bfa3bbf2b8e8fdbcca9335a72315e4
rhpam-7/rhpam-businesscentral-rhel8@sha256:c5aff29d13a45f7a488cb1c15e7d31ac98d04aca5676b5ec78f66d36631abdb3
rhpam-7/rhpam-controller-rhel8@sha256:54fc0d91b9ddebff1e77c0ec994763906bdb5fdaedce1edc65777e26145fc879
rhpam-7/rhpam-dashbuilder-rhel8@sha256:13a4dc736a5b3717c618910b38d6de7627dfa7d73f65f1f052a4f372b5e32d0f
rhpam-7/rhpam-kieserver-rhel8@sha256:8571df197428508c9353f8cc6e6f33120650a49442c1e75c235838e0ab8130f0
rhpam-7/rhpam-operator-bundle@sha256:1b10c7ce00d06191634253010b33cc62708513fd683d3fbcb2fdebe5ec9d75fc
rhpam-7/rhpam-process-migration-rhel8@sha256:f39f81f93501a792b49ee2ca67ca5d11d9a333f458cbafaa67ddf06ecfd72865
rhpam-7/rhpam-rhel8-operator@sha256:f57ebf2df8d5e1aa5e6598aa1a4bf9458f3a04e57245881b52f0a94839289a40
rhpam-7/rhpam-smartrouter-rhel8@sha256:8a455986352060aa24497516c59b1f283fc9407e94cc4b6a6b17563980d0db56

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.