Issued:: 2025-05-13
Updated:: 2025-05-13

RHSA-2025:7416 - Security Advisory

Overview
Updated Packages

Synopsis

Important: gvisor-tap-vsock security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):

golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

BZ - 2348367 - CVE-2025-22869 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

CVEs

CVE-2025-22869

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
x86_64
gvisor-tap-vsock-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 03564db3b251d006b9bf1e565d2b986cef235a70905e3250e0fc1c877bfa765f
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 8be83a1994d0c3d3adcd2f1cba27827cab05a7f269a5a08e1d27595dca4160e8
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.x86_64.rpm	SHA-256: c07d468907d6af06f5995b1f7016e40423d69249095978ab5bc24529f1aea8a4
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 9d4910bff7560d4845d913c95b00081f2714b30c9702ce0c9f4183fcf676a452
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 30c43ed2bf4a639ef20d77096d024abba2017aa7e623ffa2c871815139277c60

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
x86_64
gvisor-tap-vsock-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 03564db3b251d006b9bf1e565d2b986cef235a70905e3250e0fc1c877bfa765f
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 8be83a1994d0c3d3adcd2f1cba27827cab05a7f269a5a08e1d27595dca4160e8
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.x86_64.rpm	SHA-256: c07d468907d6af06f5995b1f7016e40423d69249095978ab5bc24529f1aea8a4
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 9d4910bff7560d4845d913c95b00081f2714b30c9702ce0c9f4183fcf676a452
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 30c43ed2bf4a639ef20d77096d024abba2017aa7e623ffa2c871815139277c60

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
x86_64
gvisor-tap-vsock-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 03564db3b251d006b9bf1e565d2b986cef235a70905e3250e0fc1c877bfa765f
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 8be83a1994d0c3d3adcd2f1cba27827cab05a7f269a5a08e1d27595dca4160e8
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.x86_64.rpm	SHA-256: c07d468907d6af06f5995b1f7016e40423d69249095978ab5bc24529f1aea8a4
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 9d4910bff7560d4845d913c95b00081f2714b30c9702ce0c9f4183fcf676a452
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 30c43ed2bf4a639ef20d77096d024abba2017aa7e623ffa2c871815139277c60

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
s390x
gvisor-tap-vsock-0.8.5-1.el9_6.s390x.rpm	SHA-256: b093df7ada2e60cc9211f1258cdc8b83ed741804f7fd7e436a1abc6161da6de8
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.s390x.rpm	SHA-256: 05e642599dfb35d8b0cad4ed3279bc7096669d900aa2a20f8a93ba6ac9f28a1e
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.s390x.rpm	SHA-256: 8e38a95077182bb88293d15d08883c227d825d2173e33726ebcba70ca5e2cdbe
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.s390x.rpm	SHA-256: e157bc87174266d783abd3e85a5be5a4f05dac57b9aed4032116682804840b34
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.s390x.rpm	SHA-256: a35b6c12203ac933203ec308e7eeb71f41dcbec855fa3f5c509703ad35fbacc8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
s390x
gvisor-tap-vsock-0.8.5-1.el9_6.s390x.rpm	SHA-256: b093df7ada2e60cc9211f1258cdc8b83ed741804f7fd7e436a1abc6161da6de8
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.s390x.rpm	SHA-256: 05e642599dfb35d8b0cad4ed3279bc7096669d900aa2a20f8a93ba6ac9f28a1e
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.s390x.rpm	SHA-256: 8e38a95077182bb88293d15d08883c227d825d2173e33726ebcba70ca5e2cdbe
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.s390x.rpm	SHA-256: e157bc87174266d783abd3e85a5be5a4f05dac57b9aed4032116682804840b34
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.s390x.rpm	SHA-256: a35b6c12203ac933203ec308e7eeb71f41dcbec855fa3f5c509703ad35fbacc8

Red Hat Enterprise Linux for Power, little endian 9

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
ppc64le
gvisor-tap-vsock-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: 39af282f497ece4706e98a997fd88ed0f06965adefcba3d5f08188a6aab0cef2
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: ce8d8758722b5a56da942b4690f51744d05055e878e475ceed6f4a2e4d3be04b
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: dd82fcc00c65b106684912b4363eec793728163c1495ab705d69e287083de092
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: d1aeea9626d189713933834f72646b45f2de67455d35249b601dfdc5c285b071
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: 9945f4c49d13a53ef573fa34a48584a8979b913b807c7754c4938ef8c6b57165

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
ppc64le
gvisor-tap-vsock-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: 39af282f497ece4706e98a997fd88ed0f06965adefcba3d5f08188a6aab0cef2
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: ce8d8758722b5a56da942b4690f51744d05055e878e475ceed6f4a2e4d3be04b
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: dd82fcc00c65b106684912b4363eec793728163c1495ab705d69e287083de092
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: d1aeea9626d189713933834f72646b45f2de67455d35249b601dfdc5c285b071
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: 9945f4c49d13a53ef573fa34a48584a8979b913b807c7754c4938ef8c6b57165

Red Hat Enterprise Linux for ARM 64 9

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
aarch64
gvisor-tap-vsock-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 33e9b1172f861c3e7abac09d1028b292e8e3b759315418fc592ab7080ce17a9e
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 88062ba694e10c4d5bef418824191c6e760ef23bfd8aec462ab394566c04890e
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 24e3b7209a43a1c9670ae2d55ceb029d6649aa96437d73db7a4bea2a9059a3c2
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.aarch64.rpm	SHA-256: b6aad7c2878b9541fb5eeb87a4cf6f964cbc87e0648af8a60b2a52438d44ed1a
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 34bdd5a2f9cfaf5939bcbb23624762e334365183a2b4f2da987c75156f987e3c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
aarch64
gvisor-tap-vsock-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 33e9b1172f861c3e7abac09d1028b292e8e3b759315418fc592ab7080ce17a9e
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 88062ba694e10c4d5bef418824191c6e760ef23bfd8aec462ab394566c04890e
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 24e3b7209a43a1c9670ae2d55ceb029d6649aa96437d73db7a4bea2a9059a3c2
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.aarch64.rpm	SHA-256: b6aad7c2878b9541fb5eeb87a4cf6f964cbc87e0648af8a60b2a52438d44ed1a
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 34bdd5a2f9cfaf5939bcbb23624762e334365183a2b4f2da987c75156f987e3c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
ppc64le
gvisor-tap-vsock-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: 39af282f497ece4706e98a997fd88ed0f06965adefcba3d5f08188a6aab0cef2
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: ce8d8758722b5a56da942b4690f51744d05055e878e475ceed6f4a2e4d3be04b
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: dd82fcc00c65b106684912b4363eec793728163c1495ab705d69e287083de092
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: d1aeea9626d189713933834f72646b45f2de67455d35249b601dfdc5c285b071
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.ppc64le.rpm	SHA-256: 9945f4c49d13a53ef573fa34a48584a8979b913b807c7754c4938ef8c6b57165

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
x86_64
gvisor-tap-vsock-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 03564db3b251d006b9bf1e565d2b986cef235a70905e3250e0fc1c877bfa765f
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 8be83a1994d0c3d3adcd2f1cba27827cab05a7f269a5a08e1d27595dca4160e8
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.x86_64.rpm	SHA-256: c07d468907d6af06f5995b1f7016e40423d69249095978ab5bc24529f1aea8a4
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 9d4910bff7560d4845d913c95b00081f2714b30c9702ce0c9f4183fcf676a452
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.x86_64.rpm	SHA-256: 30c43ed2bf4a639ef20d77096d024abba2017aa7e623ffa2c871815139277c60

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
aarch64
gvisor-tap-vsock-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 33e9b1172f861c3e7abac09d1028b292e8e3b759315418fc592ab7080ce17a9e
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 88062ba694e10c4d5bef418824191c6e760ef23bfd8aec462ab394566c04890e
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 24e3b7209a43a1c9670ae2d55ceb029d6649aa96437d73db7a4bea2a9059a3c2
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.aarch64.rpm	SHA-256: b6aad7c2878b9541fb5eeb87a4cf6f964cbc87e0648af8a60b2a52438d44ed1a
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.aarch64.rpm	SHA-256: 34bdd5a2f9cfaf5939bcbb23624762e334365183a2b4f2da987c75156f987e3c

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
gvisor-tap-vsock-0.8.5-1.el9_6.src.rpm	SHA-256: d431bac6775366c5b39ad791ca4a49c35c63d5d24242c6bc663e272c766ebc07
s390x
gvisor-tap-vsock-0.8.5-1.el9_6.s390x.rpm	SHA-256: b093df7ada2e60cc9211f1258cdc8b83ed741804f7fd7e436a1abc6161da6de8
gvisor-tap-vsock-debuginfo-0.8.5-1.el9_6.s390x.rpm	SHA-256: 05e642599dfb35d8b0cad4ed3279bc7096669d900aa2a20f8a93ba6ac9f28a1e
gvisor-tap-vsock-debugsource-0.8.5-1.el9_6.s390x.rpm	SHA-256: 8e38a95077182bb88293d15d08883c227d825d2173e33726ebcba70ca5e2cdbe
gvisor-tap-vsock-gvforwarder-0.8.5-1.el9_6.s390x.rpm	SHA-256: e157bc87174266d783abd3e85a5be5a4f05dac57b9aed4032116682804840b34
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el9_6.s390x.rpm	SHA-256: a35b6c12203ac933203ec308e7eeb71f41dcbec855fa3f5c509703ad35fbacc8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation