Issued:: 2025-12-16
Updated:: 2025-12-18

RHSA-2025:23347 - Security Advisory

Overview
Updated Packages

Synopsis

Important: podman security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for podman is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

BZ - 2404715 - CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
podman-5.4.0-14.el10_0.src.rpm	SHA-256: 34b8bfab59a009b0328695022618507ff1c6dd35dbc0b359fb23826dc3ae0e35
x86_64
podman-5.4.0-14.el10_0.x86_64.rpm	SHA-256: f754735bfbfc4d5e2994972bd69174b97a4e7a0810dd9d8d4cd8e83157a16017
podman-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 32be59d119d529da68849c9780d10b3130b5ddf583e5d8548ea1205bdae8ae8a
podman-debugsource-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 4b7fd4f39db5a631e441ea5a106dc3f570e8ac25dd6c6b05c6f6040c3218e9ea
podman-docker-5.4.0-14.el10_0.noarch.rpm	SHA-256: f4143336888df60734a4ee181f6b1bf4d203ecf4742c795bb47c30444afc57df
podman-remote-5.4.0-14.el10_0.x86_64.rpm	SHA-256: f7fe6e571222e10a12151cbfac408561eb6a7b5a49750e19b80d6e3fa65467b2
podman-remote-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: a5c7bc54f9d4ccf5e06010f39767cc0518ec29deea1634070f5723c57554c366
podman-tests-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 4b4cf065fc81eb5744b3ffd0bddc7fe305e5af7789c81d41104484f0de986574

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
podman-5.4.0-14.el10_0.src.rpm	SHA-256: 34b8bfab59a009b0328695022618507ff1c6dd35dbc0b359fb23826dc3ae0e35
s390x
podman-5.4.0-14.el10_0.s390x.rpm	SHA-256: c1de14877ac3b73e8f7e7225ce5a0db7608f01a89ef07c5742283f8a983150b4
podman-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: 4a2ee962bb53ae03baa472639cad13b80a07014b77da40794d3ec245b2609d15
podman-debugsource-5.4.0-14.el10_0.s390x.rpm	SHA-256: ea47ed5b50e3ff63117beb23e61b5f7226f1144388bc8cf75ea02976bbd7c221
podman-docker-5.4.0-14.el10_0.noarch.rpm	SHA-256: f4143336888df60734a4ee181f6b1bf4d203ecf4742c795bb47c30444afc57df
podman-remote-5.4.0-14.el10_0.s390x.rpm	SHA-256: af360adfefb226c80e056552064626803f57cc0366411e296ee4a8367ae71dd2
podman-remote-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: db611a6c13c0eeabcda9888a7cc92908a2896b3d1474e8be5a3f35ce1d0d6370
podman-tests-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: eaaf06ab4b2f30fbe1b8f8caa8d88f444bedee6508f4507150262a476bf77d44

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
podman-5.4.0-14.el10_0.src.rpm	SHA-256: 34b8bfab59a009b0328695022618507ff1c6dd35dbc0b359fb23826dc3ae0e35
ppc64le
podman-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 7ff7f58bd43ec6c7984831e0740cbfb5ea61f207022b32ff2e2e50a348f1b174
podman-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: aa71ed2af7074bedfb043581410030c082812d8b949f117aa13f2007644c5b00
podman-debugsource-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: d8322b6260fe116110b997ee7d67f2ea94dde1ca068b79b2e20b9e8a9f08267e
podman-docker-5.4.0-14.el10_0.noarch.rpm	SHA-256: f4143336888df60734a4ee181f6b1bf4d203ecf4742c795bb47c30444afc57df
podman-remote-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 17c6189dedf36c548267058dc3565f9282c0b8fb9a6ffc539dbc2d933e3280a3
podman-remote-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 7b602d9d70706832895f1e1d735f0737bbf67ae37245dffeb6d2b024ea4ab059
podman-tests-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 0fd5fac2fd0acd9599158876604cb37d800f5e1c98ef31bcc226572d8753ab13

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
podman-5.4.0-14.el10_0.src.rpm	SHA-256: 34b8bfab59a009b0328695022618507ff1c6dd35dbc0b359fb23826dc3ae0e35
aarch64
podman-5.4.0-14.el10_0.aarch64.rpm	SHA-256: cad2ea6f8f40d28eaa49a31e44e4336a35020abada2aa4d60618f0b2086bc706
podman-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 4e43953c136c3cf37ae5d94b3055f91c5d36b08edfe9fdc1e4991cd49ddc895e
podman-debugsource-5.4.0-14.el10_0.aarch64.rpm	SHA-256: aab57da2339d9c1fb8e8020694b068cdad97c5dfb7d4e5abc66b4466fd90f29e
podman-docker-5.4.0-14.el10_0.noarch.rpm	SHA-256: f4143336888df60734a4ee181f6b1bf4d203ecf4742c795bb47c30444afc57df
podman-remote-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 255b000a403df56a30ac01a865a7618a05669527719f29211f46221b362a0d76
podman-remote-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 3fa1aa5ea1f95dd90a65549a0284f24a3c1f75ceef8c1b1c37e94ef92e0d3109
podman-tests-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 59510d073f96ad6c4f1ff6397b5697ce8c20c5e1a8b2a7860eef30dde49b10cf

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0

SRPM
x86_64
podman-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 32be59d119d529da68849c9780d10b3130b5ddf583e5d8548ea1205bdae8ae8a
podman-debugsource-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 4b7fd4f39db5a631e441ea5a106dc3f570e8ac25dd6c6b05c6f6040c3218e9ea
podman-remote-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: a5c7bc54f9d4ccf5e06010f39767cc0518ec29deea1634070f5723c57554c366
podman-tests-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 2c8b473fe43cfec9bab8d3d79b8843ec827ffb3172beea64b6749421f8511c6c
podman-tests-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 4b4cf065fc81eb5744b3ffd0bddc7fe305e5af7789c81d41104484f0de986574

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0

SRPM
ppc64le
podman-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: aa71ed2af7074bedfb043581410030c082812d8b949f117aa13f2007644c5b00
podman-debugsource-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: d8322b6260fe116110b997ee7d67f2ea94dde1ca068b79b2e20b9e8a9f08267e
podman-remote-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 7b602d9d70706832895f1e1d735f0737bbf67ae37245dffeb6d2b024ea4ab059
podman-tests-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 6da43473746d095a7e2f303f9b5a22a7bc752a0c5ba3fcaecf374ec61286aed4
podman-tests-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 0fd5fac2fd0acd9599158876604cb37d800f5e1c98ef31bcc226572d8753ab13

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0

SRPM
s390x
podman-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: 4a2ee962bb53ae03baa472639cad13b80a07014b77da40794d3ec245b2609d15
podman-debugsource-5.4.0-14.el10_0.s390x.rpm	SHA-256: ea47ed5b50e3ff63117beb23e61b5f7226f1144388bc8cf75ea02976bbd7c221
podman-remote-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: db611a6c13c0eeabcda9888a7cc92908a2896b3d1474e8be5a3f35ce1d0d6370
podman-tests-5.4.0-14.el10_0.s390x.rpm	SHA-256: 22f6ed8c14bef648925bd9e140cf38aa29c1cf6b4f65c35450938d2a7602ce33
podman-tests-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: eaaf06ab4b2f30fbe1b8f8caa8d88f444bedee6508f4507150262a476bf77d44

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0

SRPM
aarch64
podman-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 4e43953c136c3cf37ae5d94b3055f91c5d36b08edfe9fdc1e4991cd49ddc895e
podman-debugsource-5.4.0-14.el10_0.aarch64.rpm	SHA-256: aab57da2339d9c1fb8e8020694b068cdad97c5dfb7d4e5abc66b4466fd90f29e
podman-remote-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 3fa1aa5ea1f95dd90a65549a0284f24a3c1f75ceef8c1b1c37e94ef92e0d3109
podman-tests-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 3a5e701b19aa2227d04e417258008db3e01aa9b4fafd2fef0cd58e0f2a1b7453
podman-tests-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 59510d073f96ad6c4f1ff6397b5697ce8c20c5e1a8b2a7860eef30dde49b10cf

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
podman-5.4.0-14.el10_0.src.rpm	SHA-256: 34b8bfab59a009b0328695022618507ff1c6dd35dbc0b359fb23826dc3ae0e35
aarch64
podman-5.4.0-14.el10_0.aarch64.rpm	SHA-256: cad2ea6f8f40d28eaa49a31e44e4336a35020abada2aa4d60618f0b2086bc706
podman-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 4e43953c136c3cf37ae5d94b3055f91c5d36b08edfe9fdc1e4991cd49ddc895e
podman-debugsource-5.4.0-14.el10_0.aarch64.rpm	SHA-256: aab57da2339d9c1fb8e8020694b068cdad97c5dfb7d4e5abc66b4466fd90f29e
podman-docker-5.4.0-14.el10_0.noarch.rpm	SHA-256: f4143336888df60734a4ee181f6b1bf4d203ecf4742c795bb47c30444afc57df
podman-remote-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 255b000a403df56a30ac01a865a7618a05669527719f29211f46221b362a0d76
podman-remote-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 3fa1aa5ea1f95dd90a65549a0284f24a3c1f75ceef8c1b1c37e94ef92e0d3109
podman-tests-debuginfo-5.4.0-14.el10_0.aarch64.rpm	SHA-256: 59510d073f96ad6c4f1ff6397b5697ce8c20c5e1a8b2a7860eef30dde49b10cf

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
podman-5.4.0-14.el10_0.src.rpm	SHA-256: 34b8bfab59a009b0328695022618507ff1c6dd35dbc0b359fb23826dc3ae0e35
s390x
podman-5.4.0-14.el10_0.s390x.rpm	SHA-256: c1de14877ac3b73e8f7e7225ce5a0db7608f01a89ef07c5742283f8a983150b4
podman-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: 4a2ee962bb53ae03baa472639cad13b80a07014b77da40794d3ec245b2609d15
podman-debugsource-5.4.0-14.el10_0.s390x.rpm	SHA-256: ea47ed5b50e3ff63117beb23e61b5f7226f1144388bc8cf75ea02976bbd7c221
podman-docker-5.4.0-14.el10_0.noarch.rpm	SHA-256: f4143336888df60734a4ee181f6b1bf4d203ecf4742c795bb47c30444afc57df
podman-remote-5.4.0-14.el10_0.s390x.rpm	SHA-256: af360adfefb226c80e056552064626803f57cc0366411e296ee4a8367ae71dd2
podman-remote-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: db611a6c13c0eeabcda9888a7cc92908a2896b3d1474e8be5a3f35ce1d0d6370
podman-tests-debuginfo-5.4.0-14.el10_0.s390x.rpm	SHA-256: eaaf06ab4b2f30fbe1b8f8caa8d88f444bedee6508f4507150262a476bf77d44

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
podman-5.4.0-14.el10_0.src.rpm	SHA-256: 34b8bfab59a009b0328695022618507ff1c6dd35dbc0b359fb23826dc3ae0e35
ppc64le
podman-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 7ff7f58bd43ec6c7984831e0740cbfb5ea61f207022b32ff2e2e50a348f1b174
podman-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: aa71ed2af7074bedfb043581410030c082812d8b949f117aa13f2007644c5b00
podman-debugsource-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: d8322b6260fe116110b997ee7d67f2ea94dde1ca068b79b2e20b9e8a9f08267e
podman-docker-5.4.0-14.el10_0.noarch.rpm	SHA-256: f4143336888df60734a4ee181f6b1bf4d203ecf4742c795bb47c30444afc57df
podman-remote-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 17c6189dedf36c548267058dc3565f9282c0b8fb9a6ffc539dbc2d933e3280a3
podman-remote-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 7b602d9d70706832895f1e1d735f0737bbf67ae37245dffeb6d2b024ea4ab059
podman-tests-debuginfo-5.4.0-14.el10_0.ppc64le.rpm	SHA-256: 0fd5fac2fd0acd9599158876604cb37d800f5e1c98ef31bcc226572d8753ab13

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
podman-5.4.0-14.el10_0.src.rpm	SHA-256: 34b8bfab59a009b0328695022618507ff1c6dd35dbc0b359fb23826dc3ae0e35
x86_64
podman-5.4.0-14.el10_0.x86_64.rpm	SHA-256: f754735bfbfc4d5e2994972bd69174b97a4e7a0810dd9d8d4cd8e83157a16017
podman-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 32be59d119d529da68849c9780d10b3130b5ddf583e5d8548ea1205bdae8ae8a
podman-debugsource-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 4b7fd4f39db5a631e441ea5a106dc3f570e8ac25dd6c6b05c6f6040c3218e9ea
podman-docker-5.4.0-14.el10_0.noarch.rpm	SHA-256: f4143336888df60734a4ee181f6b1bf4d203ecf4742c795bb47c30444afc57df
podman-remote-5.4.0-14.el10_0.x86_64.rpm	SHA-256: f7fe6e571222e10a12151cbfac408561eb6a7b5a49750e19b80d6e3fa65467b2
podman-remote-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: a5c7bc54f9d4ccf5e06010f39767cc0518ec29deea1634070f5723c57554c366
podman-tests-debuginfo-5.4.0-14.el10_0.x86_64.rpm	SHA-256: 4b4cf065fc81eb5744b3ffd0bddc7fe305e5af7789c81d41104484f0de986574

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation