Red Hat Product Errata RHSA-2025:3185 - Security Advisory
Issued:
2025-03-25
Updated:
2025-03-25

RHSA-2025:3185 - Security Advisory

Synopsis

Important: gvisor-tap-vsock security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):

  • golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

  • BZ - 2348367 - CVE-2025-22869 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
x86_64
gvisor-tap-vsock-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: fcc19e23e1ed7be48add8342d0ec8259bd79a3af04390161c2011954ca801053
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: cb09db8ad1bcc3a2ba4cc2be42c2f219956576f4efd5d496dd0ec61fb4fcfa42
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: 3be48e3d3fd78258decf3bf28d7482d541ad61f903dcbee16eb71f5336e73cbb

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
x86_64
gvisor-tap-vsock-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: fcc19e23e1ed7be48add8342d0ec8259bd79a3af04390161c2011954ca801053
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: cb09db8ad1bcc3a2ba4cc2be42c2f219956576f4efd5d496dd0ec61fb4fcfa42
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: 3be48e3d3fd78258decf3bf28d7482d541ad61f903dcbee16eb71f5336e73cbb

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
s390x
gvisor-tap-vsock-0.7.3-5.el9_4.1.s390x.rpm SHA-256: 1287576f8e8bbb0e183e3497b0781fd590d80324ab9aac542cc4c2eee30ae7ad
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.s390x.rpm SHA-256: ad94278b15d76a409606c7c2ba4de71e792f9c8297f86ee8c5f70a7cf5f76072
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.s390x.rpm SHA-256: adf9762abb439f7d02d5323b0209422ce402113df280cf3c1f6f5d406fcdcf2e

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
ppc64le
gvisor-tap-vsock-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: c807d88a12a2c562888b90957e8a4649693d510afe4ee004427fc99f2bac0df8
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: c9b756d96a68404657d10f0464a224d4e83afb17279d58b8e3a26b1fe9afa680
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: 26e2259d4dff5fdc3e2055af4cf1b0e421ec28f73bdec76aecd7a499f64342a9

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
aarch64
gvisor-tap-vsock-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: c23e74224024ed818eeb9dcb3d5d152e5f348cd56d2c6ba35c2620a83c5d2907
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: 8c81af46c34ac27d88e20709cd43b3544200c2a2b580bace073ed0627b69c1d9
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: 017c25fc2e091f64a2dd80e389a4a9473d8166fa0a22ad8a797a4d2efe31709d

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
ppc64le
gvisor-tap-vsock-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: c807d88a12a2c562888b90957e8a4649693d510afe4ee004427fc99f2bac0df8
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: c9b756d96a68404657d10f0464a224d4e83afb17279d58b8e3a26b1fe9afa680
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: 26e2259d4dff5fdc3e2055af4cf1b0e421ec28f73bdec76aecd7a499f64342a9

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
x86_64
gvisor-tap-vsock-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: fcc19e23e1ed7be48add8342d0ec8259bd79a3af04390161c2011954ca801053
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: cb09db8ad1bcc3a2ba4cc2be42c2f219956576f4efd5d496dd0ec61fb4fcfa42
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: 3be48e3d3fd78258decf3bf28d7482d541ad61f903dcbee16eb71f5336e73cbb

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
aarch64
gvisor-tap-vsock-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: c23e74224024ed818eeb9dcb3d5d152e5f348cd56d2c6ba35c2620a83c5d2907
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: 8c81af46c34ac27d88e20709cd43b3544200c2a2b580bace073ed0627b69c1d9
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: 017c25fc2e091f64a2dd80e389a4a9473d8166fa0a22ad8a797a4d2efe31709d

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
s390x
gvisor-tap-vsock-0.7.3-5.el9_4.1.s390x.rpm SHA-256: 1287576f8e8bbb0e183e3497b0781fd590d80324ab9aac542cc4c2eee30ae7ad
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.s390x.rpm SHA-256: ad94278b15d76a409606c7c2ba4de71e792f9c8297f86ee8c5f70a7cf5f76072
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.s390x.rpm SHA-256: adf9762abb439f7d02d5323b0209422ce402113df280cf3c1f6f5d406fcdcf2e

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
x86_64
gvisor-tap-vsock-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: fcc19e23e1ed7be48add8342d0ec8259bd79a3af04390161c2011954ca801053
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: cb09db8ad1bcc3a2ba4cc2be42c2f219956576f4efd5d496dd0ec61fb4fcfa42
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.x86_64.rpm SHA-256: 3be48e3d3fd78258decf3bf28d7482d541ad61f903dcbee16eb71f5336e73cbb

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
aarch64
gvisor-tap-vsock-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: c23e74224024ed818eeb9dcb3d5d152e5f348cd56d2c6ba35c2620a83c5d2907
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: 8c81af46c34ac27d88e20709cd43b3544200c2a2b580bace073ed0627b69c1d9
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.aarch64.rpm SHA-256: 017c25fc2e091f64a2dd80e389a4a9473d8166fa0a22ad8a797a4d2efe31709d

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
ppc64le
gvisor-tap-vsock-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: c807d88a12a2c562888b90957e8a4649693d510afe4ee004427fc99f2bac0df8
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: c9b756d96a68404657d10f0464a224d4e83afb17279d58b8e3a26b1fe9afa680
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.ppc64le.rpm SHA-256: 26e2259d4dff5fdc3e2055af4cf1b0e421ec28f73bdec76aecd7a499f64342a9

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
gvisor-tap-vsock-0.7.3-5.el9_4.1.src.rpm SHA-256: 7db2e0fc5e870ccc136509ee75b25697642ebfe0ee39acb6c1fb7b77120c173b
s390x
gvisor-tap-vsock-0.7.3-5.el9_4.1.s390x.rpm SHA-256: 1287576f8e8bbb0e183e3497b0781fd590d80324ab9aac542cc4c2eee30ae7ad
gvisor-tap-vsock-debuginfo-0.7.3-5.el9_4.1.s390x.rpm SHA-256: ad94278b15d76a409606c7c2ba4de71e792f9c8297f86ee8c5f70a7cf5f76072
gvisor-tap-vsock-debugsource-0.7.3-5.el9_4.1.s390x.rpm SHA-256: adf9762abb439f7d02d5323b0209422ce402113df280cf3c1f6f5d406fcdcf2e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.