Issued:: 2025-05-13
Updated:: 2025-05-13

RHSA-2025:7484 - Security Advisory

Overview
Updated Packages

Synopsis

Important: gvisor-tap-vsock security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):

golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 10 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
Red Hat Enterprise Linux for IBM z Systems 10 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat Enterprise Linux for Power, little endian 10 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat Enterprise Linux for ARM 64 10 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

BZ - 2348367 - CVE-2025-22869 golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

CVEs

CVE-2025-22869

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 10

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
x86_64
gvisor-tap-vsock-0.8.5-1.el10_0.x86_64.rpm	SHA-256: b02de7d0e16cbb93d12688dfb7e3e529138fd6afd019a556297704d2faf65b40
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 6e1bf86a42e017a75955a8ad022d21edb1a8affbabbaa11917e5dc219a3185b8
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.x86_64.rpm	SHA-256: d85cd1ecdf37246037dbb0e98d5d8bd10a58ed37fe2f9ef6a243333cce602d49
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 1b0782ced74b57c56b2d501679b6de8dd90d7fcc46761b6c47356b4681b313b1
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 92bd0126fe0d94560a7084251d25ddecc44b7a2233e730601072cdf33c79a24a

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
x86_64
gvisor-tap-vsock-0.8.5-1.el10_0.x86_64.rpm	SHA-256: b02de7d0e16cbb93d12688dfb7e3e529138fd6afd019a556297704d2faf65b40
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 6e1bf86a42e017a75955a8ad022d21edb1a8affbabbaa11917e5dc219a3185b8
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.x86_64.rpm	SHA-256: d85cd1ecdf37246037dbb0e98d5d8bd10a58ed37fe2f9ef6a243333cce602d49
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 1b0782ced74b57c56b2d501679b6de8dd90d7fcc46761b6c47356b4681b313b1
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 92bd0126fe0d94560a7084251d25ddecc44b7a2233e730601072cdf33c79a24a

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
s390x
gvisor-tap-vsock-0.8.5-1.el10_0.s390x.rpm	SHA-256: 56792e8b35b5c72f3565e954f1664fdb540a8c5dbead3098aa725db2294b7bae
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.s390x.rpm	SHA-256: 7ccce1b70662534c9b3d0b73681f7be496f2b42fe5ae12cfc6bb1aa6110edc34
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.s390x.rpm	SHA-256: a9133cad10fe69cff14b5aaa1f9b92306901e03ef7b47e70967fe3ab8f727e42
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.s390x.rpm	SHA-256: ac2f05fad7a295be6d4eda20f73a72f80b940908178ef14ffb37864449cb9578
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.s390x.rpm	SHA-256: 1b1f45844823fa260553dd93a7914caa94e511eb0cad5caf76d917435dab7bf7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
s390x
gvisor-tap-vsock-0.8.5-1.el10_0.s390x.rpm	SHA-256: 56792e8b35b5c72f3565e954f1664fdb540a8c5dbead3098aa725db2294b7bae
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.s390x.rpm	SHA-256: 7ccce1b70662534c9b3d0b73681f7be496f2b42fe5ae12cfc6bb1aa6110edc34
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.s390x.rpm	SHA-256: a9133cad10fe69cff14b5aaa1f9b92306901e03ef7b47e70967fe3ab8f727e42
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.s390x.rpm	SHA-256: ac2f05fad7a295be6d4eda20f73a72f80b940908178ef14ffb37864449cb9578
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.s390x.rpm	SHA-256: 1b1f45844823fa260553dd93a7914caa94e511eb0cad5caf76d917435dab7bf7

Red Hat Enterprise Linux for Power, little endian 10

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
ppc64le
gvisor-tap-vsock-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: e83c10ffdabf91960be19d3b5369f68af675fca492cb2bb2234a67978a208910
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 52dd8d41d6756af68bfa9e17e9e1a8456feae9d49ab576ba0ec744da916894ff
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: a2dab452cbd30f757bc22084c66e4c76df6eeba1af6d6ca091bb626e70f00a63
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 2a44b09139e3521d78c604bffcedacbb126e34fd1dce447002832a8e895499a3
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 65d156ed61acefcfb12d07a5b14a4a39e5874ab404f3f8b9fd6bb5722aade76a

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
ppc64le
gvisor-tap-vsock-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: e83c10ffdabf91960be19d3b5369f68af675fca492cb2bb2234a67978a208910
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 52dd8d41d6756af68bfa9e17e9e1a8456feae9d49ab576ba0ec744da916894ff
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: a2dab452cbd30f757bc22084c66e4c76df6eeba1af6d6ca091bb626e70f00a63
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 2a44b09139e3521d78c604bffcedacbb126e34fd1dce447002832a8e895499a3
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 65d156ed61acefcfb12d07a5b14a4a39e5874ab404f3f8b9fd6bb5722aade76a

Red Hat Enterprise Linux for ARM 64 10

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
aarch64
gvisor-tap-vsock-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 0208dc8663e0e3a61bb6edecece42f827470beae2811621ccb52fcc77fa3ca0b
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.aarch64.rpm	SHA-256: ebdc143c7250be9fb96c8b769aa73dd0145099e057f60d72f177256e393dd322
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.aarch64.rpm	SHA-256: cd12f765791e25683c5a78d1242b9ddeeb64dc4ad7499218cfc9a464bf9e8203
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 4791a3d48a761e21953705515b22596c41e9765d2c08258fd1094cadd082b3f0
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 802989b26217f8aec739e3d9d297c1d58bf4632ed7edfae70d052324f94ff14e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
aarch64
gvisor-tap-vsock-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 0208dc8663e0e3a61bb6edecece42f827470beae2811621ccb52fcc77fa3ca0b
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.aarch64.rpm	SHA-256: ebdc143c7250be9fb96c8b769aa73dd0145099e057f60d72f177256e393dd322
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.aarch64.rpm	SHA-256: cd12f765791e25683c5a78d1242b9ddeeb64dc4ad7499218cfc9a464bf9e8203
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 4791a3d48a761e21953705515b22596c41e9765d2c08258fd1094cadd082b3f0
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 802989b26217f8aec739e3d9d297c1d58bf4632ed7edfae70d052324f94ff14e

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
aarch64
gvisor-tap-vsock-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 0208dc8663e0e3a61bb6edecece42f827470beae2811621ccb52fcc77fa3ca0b
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.aarch64.rpm	SHA-256: ebdc143c7250be9fb96c8b769aa73dd0145099e057f60d72f177256e393dd322
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.aarch64.rpm	SHA-256: cd12f765791e25683c5a78d1242b9ddeeb64dc4ad7499218cfc9a464bf9e8203
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 4791a3d48a761e21953705515b22596c41e9765d2c08258fd1094cadd082b3f0
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.aarch64.rpm	SHA-256: 802989b26217f8aec739e3d9d297c1d58bf4632ed7edfae70d052324f94ff14e

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
s390x
gvisor-tap-vsock-0.8.5-1.el10_0.s390x.rpm	SHA-256: 56792e8b35b5c72f3565e954f1664fdb540a8c5dbead3098aa725db2294b7bae
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.s390x.rpm	SHA-256: 7ccce1b70662534c9b3d0b73681f7be496f2b42fe5ae12cfc6bb1aa6110edc34
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.s390x.rpm	SHA-256: a9133cad10fe69cff14b5aaa1f9b92306901e03ef7b47e70967fe3ab8f727e42
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.s390x.rpm	SHA-256: ac2f05fad7a295be6d4eda20f73a72f80b940908178ef14ffb37864449cb9578
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.s390x.rpm	SHA-256: 1b1f45844823fa260553dd93a7914caa94e511eb0cad5caf76d917435dab7bf7

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
ppc64le
gvisor-tap-vsock-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: e83c10ffdabf91960be19d3b5369f68af675fca492cb2bb2234a67978a208910
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 52dd8d41d6756af68bfa9e17e9e1a8456feae9d49ab576ba0ec744da916894ff
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: a2dab452cbd30f757bc22084c66e4c76df6eeba1af6d6ca091bb626e70f00a63
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 2a44b09139e3521d78c604bffcedacbb126e34fd1dce447002832a8e895499a3
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.ppc64le.rpm	SHA-256: 65d156ed61acefcfb12d07a5b14a4a39e5874ab404f3f8b9fd6bb5722aade76a

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
gvisor-tap-vsock-0.8.5-1.el10_0.src.rpm	SHA-256: fd8a62142fddf91d078bf7ecd1047c8f5d49d00a2f34dd2936842dbef4947d01
x86_64
gvisor-tap-vsock-0.8.5-1.el10_0.x86_64.rpm	SHA-256: b02de7d0e16cbb93d12688dfb7e3e529138fd6afd019a556297704d2faf65b40
gvisor-tap-vsock-debuginfo-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 6e1bf86a42e017a75955a8ad022d21edb1a8affbabbaa11917e5dc219a3185b8
gvisor-tap-vsock-debugsource-0.8.5-1.el10_0.x86_64.rpm	SHA-256: d85cd1ecdf37246037dbb0e98d5d8bd10a58ed37fe2f9ef6a243333cce602d49
gvisor-tap-vsock-gvforwarder-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 1b0782ced74b57c56b2d501679b6de8dd90d7fcc46761b6c47356b4681b313b1
gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-1.el10_0.x86_64.rpm	SHA-256: 92bd0126fe0d94560a7084251d25ddecc44b7a2233e730601072cdf33c79a24a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation