红帽产品勘误 RHSA-2025:22011 - Security Advisory
发布:
2025-11-25
已更新:
2025-11-25

RHSA-2025:22011 - Security Advisory

概述

Important: buildah security update

类型/严重性

Security Advisory: Important

Red Hat Insights 补丁分析

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for buildah is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):

  • runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

修复

  • BZ - 2404715 - CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
  • BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

Red Hat Enterprise Linux for x86_64 9

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
x86_64
buildah-1.41.6-1.el9_7.x86_64.rpm SHA-256: a462c33f78fe48e7c5d032e316cd326b81f53bccca3e8a20927a7485c293cb72
buildah-debuginfo-1.41.6-1.el9_7.x86_64.rpm SHA-256: 4939279d85dfc613212ea67d07f570d52abb3977e8c86442e3c9d13e851ead4b
buildah-debugsource-1.41.6-1.el9_7.x86_64.rpm SHA-256: 2ca343995fc35f46ccaa26765f37464ec97fdf7601c0f6746007ffea5d354090
buildah-tests-1.41.6-1.el9_7.x86_64.rpm SHA-256: 6693abe346f8d2f53953a7b7c88c6b77c37fbb9da318be53b75f43dbcfaf39ab
buildah-tests-debuginfo-1.41.6-1.el9_7.x86_64.rpm SHA-256: 9a8068916fad7a52dd5048994cb7fd87def33e9c24b351a508806080db87e2ce

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
x86_64
buildah-1.41.6-1.el9_7.x86_64.rpm SHA-256: a462c33f78fe48e7c5d032e316cd326b81f53bccca3e8a20927a7485c293cb72
buildah-debuginfo-1.41.6-1.el9_7.x86_64.rpm SHA-256: 4939279d85dfc613212ea67d07f570d52abb3977e8c86442e3c9d13e851ead4b
buildah-debugsource-1.41.6-1.el9_7.x86_64.rpm SHA-256: 2ca343995fc35f46ccaa26765f37464ec97fdf7601c0f6746007ffea5d354090
buildah-tests-1.41.6-1.el9_7.x86_64.rpm SHA-256: 6693abe346f8d2f53953a7b7c88c6b77c37fbb9da318be53b75f43dbcfaf39ab
buildah-tests-debuginfo-1.41.6-1.el9_7.x86_64.rpm SHA-256: 9a8068916fad7a52dd5048994cb7fd87def33e9c24b351a508806080db87e2ce

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
s390x
buildah-1.41.6-1.el9_7.s390x.rpm SHA-256: 561172e9641a9f86fa29d0b4674cc2a7745fc98f80210cec26129a8ee002d376
buildah-debuginfo-1.41.6-1.el9_7.s390x.rpm SHA-256: b4b5ec9629b9677f6147e5b29d168288ccf82cd01cb3f5f2788ec9c65f492aa4
buildah-debugsource-1.41.6-1.el9_7.s390x.rpm SHA-256: 92adbfd3eac68509ce1811087cd8b1903e36ffcadae083ad375e324d7853de21
buildah-tests-1.41.6-1.el9_7.s390x.rpm SHA-256: bee62de40a084796527675e2c470878f0b028a200b9b96aa5cd63d56a62138ea
buildah-tests-debuginfo-1.41.6-1.el9_7.s390x.rpm SHA-256: dfd9cadcacfd9ea34cbe6d3685ffd2de08acfa34457ecdd6784938ecae8797f1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
s390x
buildah-1.41.6-1.el9_7.s390x.rpm SHA-256: 561172e9641a9f86fa29d0b4674cc2a7745fc98f80210cec26129a8ee002d376
buildah-debuginfo-1.41.6-1.el9_7.s390x.rpm SHA-256: b4b5ec9629b9677f6147e5b29d168288ccf82cd01cb3f5f2788ec9c65f492aa4
buildah-debugsource-1.41.6-1.el9_7.s390x.rpm SHA-256: 92adbfd3eac68509ce1811087cd8b1903e36ffcadae083ad375e324d7853de21
buildah-tests-1.41.6-1.el9_7.s390x.rpm SHA-256: bee62de40a084796527675e2c470878f0b028a200b9b96aa5cd63d56a62138ea
buildah-tests-debuginfo-1.41.6-1.el9_7.s390x.rpm SHA-256: dfd9cadcacfd9ea34cbe6d3685ffd2de08acfa34457ecdd6784938ecae8797f1

Red Hat Enterprise Linux for Power, little endian 9

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
ppc64le
buildah-1.41.6-1.el9_7.ppc64le.rpm SHA-256: de4d245e6c496a5f4b49251ab5b5ede55bf488bfbfda4d653125f327070a52c1
buildah-debuginfo-1.41.6-1.el9_7.ppc64le.rpm SHA-256: d9f91eaa44e6b26917c2581a1cb95452f3051d8afb61441828ce4aa3bb0089ae
buildah-debugsource-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 4245a3424968daa66917f9b179a6d299e386744d4b153ffe14d6eb2a7a72cf38
buildah-tests-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 0c6472746a286f58b24f78e1c14ecba4344d1b69205e8603d4b973cce732d2f9
buildah-tests-debuginfo-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 6e62e9b650c82d1ccb266e4cd290ea6f2857070c1dd431292b0903c2fbf38bc7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
ppc64le
buildah-1.41.6-1.el9_7.ppc64le.rpm SHA-256: de4d245e6c496a5f4b49251ab5b5ede55bf488bfbfda4d653125f327070a52c1
buildah-debuginfo-1.41.6-1.el9_7.ppc64le.rpm SHA-256: d9f91eaa44e6b26917c2581a1cb95452f3051d8afb61441828ce4aa3bb0089ae
buildah-debugsource-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 4245a3424968daa66917f9b179a6d299e386744d4b153ffe14d6eb2a7a72cf38
buildah-tests-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 0c6472746a286f58b24f78e1c14ecba4344d1b69205e8603d4b973cce732d2f9
buildah-tests-debuginfo-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 6e62e9b650c82d1ccb266e4cd290ea6f2857070c1dd431292b0903c2fbf38bc7

Red Hat Enterprise Linux for ARM 64 9

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
aarch64
buildah-1.41.6-1.el9_7.aarch64.rpm SHA-256: d95fd1eb9f2e3ff7086dd81a08c080dd068d0ac9de46012f6b0742bd6feda4bc
buildah-debuginfo-1.41.6-1.el9_7.aarch64.rpm SHA-256: 6300617388740899cd1a64121fd480c202a129f6a0d010f82deabc667fe7dbc5
buildah-debugsource-1.41.6-1.el9_7.aarch64.rpm SHA-256: ec729f3a21b290ea56a16febf33eb56380310830fa2d269596336844e47d5122
buildah-tests-1.41.6-1.el9_7.aarch64.rpm SHA-256: ad744256320512e66a7884513c5761e2e08b76349bbe044cc4a561960369ead6
buildah-tests-debuginfo-1.41.6-1.el9_7.aarch64.rpm SHA-256: 3b3c5faa22b272edae7998e65c0c9225c6bda25c755c61ec91e1c03a384fc91c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
aarch64
buildah-1.41.6-1.el9_7.aarch64.rpm SHA-256: d95fd1eb9f2e3ff7086dd81a08c080dd068d0ac9de46012f6b0742bd6feda4bc
buildah-debuginfo-1.41.6-1.el9_7.aarch64.rpm SHA-256: 6300617388740899cd1a64121fd480c202a129f6a0d010f82deabc667fe7dbc5
buildah-debugsource-1.41.6-1.el9_7.aarch64.rpm SHA-256: ec729f3a21b290ea56a16febf33eb56380310830fa2d269596336844e47d5122
buildah-tests-1.41.6-1.el9_7.aarch64.rpm SHA-256: ad744256320512e66a7884513c5761e2e08b76349bbe044cc4a561960369ead6
buildah-tests-debuginfo-1.41.6-1.el9_7.aarch64.rpm SHA-256: 3b3c5faa22b272edae7998e65c0c9225c6bda25c755c61ec91e1c03a384fc91c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
ppc64le
buildah-1.41.6-1.el9_7.ppc64le.rpm SHA-256: de4d245e6c496a5f4b49251ab5b5ede55bf488bfbfda4d653125f327070a52c1
buildah-debuginfo-1.41.6-1.el9_7.ppc64le.rpm SHA-256: d9f91eaa44e6b26917c2581a1cb95452f3051d8afb61441828ce4aa3bb0089ae
buildah-debugsource-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 4245a3424968daa66917f9b179a6d299e386744d4b153ffe14d6eb2a7a72cf38
buildah-tests-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 0c6472746a286f58b24f78e1c14ecba4344d1b69205e8603d4b973cce732d2f9
buildah-tests-debuginfo-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 6e62e9b650c82d1ccb266e4cd290ea6f2857070c1dd431292b0903c2fbf38bc7

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
x86_64
buildah-1.41.6-1.el9_7.x86_64.rpm SHA-256: a462c33f78fe48e7c5d032e316cd326b81f53bccca3e8a20927a7485c293cb72
buildah-debuginfo-1.41.6-1.el9_7.x86_64.rpm SHA-256: 4939279d85dfc613212ea67d07f570d52abb3977e8c86442e3c9d13e851ead4b
buildah-debugsource-1.41.6-1.el9_7.x86_64.rpm SHA-256: 2ca343995fc35f46ccaa26765f37464ec97fdf7601c0f6746007ffea5d354090
buildah-tests-1.41.6-1.el9_7.x86_64.rpm SHA-256: 6693abe346f8d2f53953a7b7c88c6b77c37fbb9da318be53b75f43dbcfaf39ab
buildah-tests-debuginfo-1.41.6-1.el9_7.x86_64.rpm SHA-256: 9a8068916fad7a52dd5048994cb7fd87def33e9c24b351a508806080db87e2ce

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
aarch64
buildah-1.41.6-1.el9_7.aarch64.rpm SHA-256: d95fd1eb9f2e3ff7086dd81a08c080dd068d0ac9de46012f6b0742bd6feda4bc
buildah-debuginfo-1.41.6-1.el9_7.aarch64.rpm SHA-256: 6300617388740899cd1a64121fd480c202a129f6a0d010f82deabc667fe7dbc5
buildah-debugsource-1.41.6-1.el9_7.aarch64.rpm SHA-256: ec729f3a21b290ea56a16febf33eb56380310830fa2d269596336844e47d5122
buildah-tests-1.41.6-1.el9_7.aarch64.rpm SHA-256: ad744256320512e66a7884513c5761e2e08b76349bbe044cc4a561960369ead6
buildah-tests-debuginfo-1.41.6-1.el9_7.aarch64.rpm SHA-256: 3b3c5faa22b272edae7998e65c0c9225c6bda25c755c61ec91e1c03a384fc91c

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
s390x
buildah-1.41.6-1.el9_7.s390x.rpm SHA-256: 561172e9641a9f86fa29d0b4674cc2a7745fc98f80210cec26129a8ee002d376
buildah-debuginfo-1.41.6-1.el9_7.s390x.rpm SHA-256: b4b5ec9629b9677f6147e5b29d168288ccf82cd01cb3f5f2788ec9c65f492aa4
buildah-debugsource-1.41.6-1.el9_7.s390x.rpm SHA-256: 92adbfd3eac68509ce1811087cd8b1903e36ffcadae083ad375e324d7853de21
buildah-tests-1.41.6-1.el9_7.s390x.rpm SHA-256: bee62de40a084796527675e2c470878f0b028a200b9b96aa5cd63d56a62138ea
buildah-tests-debuginfo-1.41.6-1.el9_7.s390x.rpm SHA-256: dfd9cadcacfd9ea34cbe6d3685ffd2de08acfa34457ecdd6784938ecae8797f1

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
x86_64
buildah-1.41.6-1.el9_7.x86_64.rpm SHA-256: a462c33f78fe48e7c5d032e316cd326b81f53bccca3e8a20927a7485c293cb72
buildah-debuginfo-1.41.6-1.el9_7.x86_64.rpm SHA-256: 4939279d85dfc613212ea67d07f570d52abb3977e8c86442e3c9d13e851ead4b
buildah-debugsource-1.41.6-1.el9_7.x86_64.rpm SHA-256: 2ca343995fc35f46ccaa26765f37464ec97fdf7601c0f6746007ffea5d354090
buildah-tests-1.41.6-1.el9_7.x86_64.rpm SHA-256: 6693abe346f8d2f53953a7b7c88c6b77c37fbb9da318be53b75f43dbcfaf39ab
buildah-tests-debuginfo-1.41.6-1.el9_7.x86_64.rpm SHA-256: 9a8068916fad7a52dd5048994cb7fd87def33e9c24b351a508806080db87e2ce

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
aarch64
buildah-1.41.6-1.el9_7.aarch64.rpm SHA-256: d95fd1eb9f2e3ff7086dd81a08c080dd068d0ac9de46012f6b0742bd6feda4bc
buildah-debuginfo-1.41.6-1.el9_7.aarch64.rpm SHA-256: 6300617388740899cd1a64121fd480c202a129f6a0d010f82deabc667fe7dbc5
buildah-debugsource-1.41.6-1.el9_7.aarch64.rpm SHA-256: ec729f3a21b290ea56a16febf33eb56380310830fa2d269596336844e47d5122
buildah-tests-1.41.6-1.el9_7.aarch64.rpm SHA-256: ad744256320512e66a7884513c5761e2e08b76349bbe044cc4a561960369ead6
buildah-tests-debuginfo-1.41.6-1.el9_7.aarch64.rpm SHA-256: 3b3c5faa22b272edae7998e65c0c9225c6bda25c755c61ec91e1c03a384fc91c

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
ppc64le
buildah-1.41.6-1.el9_7.ppc64le.rpm SHA-256: de4d245e6c496a5f4b49251ab5b5ede55bf488bfbfda4d653125f327070a52c1
buildah-debuginfo-1.41.6-1.el9_7.ppc64le.rpm SHA-256: d9f91eaa44e6b26917c2581a1cb95452f3051d8afb61441828ce4aa3bb0089ae
buildah-debugsource-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 4245a3424968daa66917f9b179a6d299e386744d4b153ffe14d6eb2a7a72cf38
buildah-tests-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 0c6472746a286f58b24f78e1c14ecba4344d1b69205e8603d4b973cce732d2f9
buildah-tests-debuginfo-1.41.6-1.el9_7.ppc64le.rpm SHA-256: 6e62e9b650c82d1ccb266e4cd290ea6f2857070c1dd431292b0903c2fbf38bc7

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8

SRPM
buildah-1.41.6-1.el9_7.src.rpm SHA-256: 6e482a05bebbb501efce13bec58959e6bab3d5a0fa553135c4572780312ed173
s390x
buildah-1.41.6-1.el9_7.s390x.rpm SHA-256: 561172e9641a9f86fa29d0b4674cc2a7745fc98f80210cec26129a8ee002d376
buildah-debuginfo-1.41.6-1.el9_7.s390x.rpm SHA-256: b4b5ec9629b9677f6147e5b29d168288ccf82cd01cb3f5f2788ec9c65f492aa4
buildah-debugsource-1.41.6-1.el9_7.s390x.rpm SHA-256: 92adbfd3eac68509ce1811087cd8b1903e36ffcadae083ad375e324d7853de21
buildah-tests-1.41.6-1.el9_7.s390x.rpm SHA-256: bee62de40a084796527675e2c470878f0b028a200b9b96aa5cd63d56a62138ea
buildah-tests-debuginfo-1.41.6-1.el9_7.s390x.rpm SHA-256: dfd9cadcacfd9ea34cbe6d3685ffd2de08acfa34457ecdd6784938ecae8797f1

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/