Red Hat Product Errata RHSA-2026:0424 - Security Advisory
Issued:
2026-01-12
Updated:
2026-01-12

RHSA-2026:0424 - Security Advisory

Synopsis

Important: podman security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for podman is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.

Security Fix(es):

  • runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2404715 - CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
  • BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map
  • RHEL-132854 - do not pass volume options as bind mounts options to runtime

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
x86_64
podman-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 43a6bfeeefbf8b76c4330b73a6bdbd5f62c3c16bd128cf2ae406fa5f1a84b8a2
podman-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 576a7b33a520adbb845aa97d2f888b45396846ddc00459f2540e3dcaf610f277
podman-debugsource-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: d4b6dbc967c82aeb6649ad0d8a03540d62e0be1e8c7c4c67452311220d4bcc1c
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 5d0b06df131e4b127b562906a6cabeb79d02899ce323f6cd8e1c147ec87bc1dd
podman-plugins-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 3ecc10a1bb4e734d263eb324736bd8c691115077a090381061389c5300d86261
podman-remote-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 23b1f216d25210a24bd2b6a77b60d96fde6b7571029f33b88f44d3b4e38f6ff8
podman-remote-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: c51710e621eea51f98d7566edfee1e36f22709f0e3aebb69d6397b59ad83083b
podman-tests-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 073d3c14f61c9f644607e9dd7a4e68883aad804d2aba429687e539ef349f934c

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
x86_64
podman-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 43a6bfeeefbf8b76c4330b73a6bdbd5f62c3c16bd128cf2ae406fa5f1a84b8a2
podman-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 576a7b33a520adbb845aa97d2f888b45396846ddc00459f2540e3dcaf610f277
podman-debugsource-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: d4b6dbc967c82aeb6649ad0d8a03540d62e0be1e8c7c4c67452311220d4bcc1c
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 5d0b06df131e4b127b562906a6cabeb79d02899ce323f6cd8e1c147ec87bc1dd
podman-plugins-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 3ecc10a1bb4e734d263eb324736bd8c691115077a090381061389c5300d86261
podman-remote-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 23b1f216d25210a24bd2b6a77b60d96fde6b7571029f33b88f44d3b4e38f6ff8
podman-remote-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: c51710e621eea51f98d7566edfee1e36f22709f0e3aebb69d6397b59ad83083b
podman-tests-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 073d3c14f61c9f644607e9dd7a4e68883aad804d2aba429687e539ef349f934c

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
s390x
podman-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 53df5f3ea88c61b59b9989dfe8d91dfb9f10b31338bba7403c859a1029da262a
podman-debuginfo-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 560d95da60c0c92cf6f9102dac6935f4f548fd08930eef095e58dfa5ed9815cb
podman-debugsource-4.9.4-19.el9_4.5.s390x.rpm SHA-256: f47b376bd2884f00620ec5d3c35c8dc864ac32bd46ea45a75cade8a759ea73b8
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.s390x.rpm SHA-256: b8b18ccdeca3151fec96befaa67b1601ba5eb09e2d153d9750b5a3a3c25b3de4
podman-plugins-debuginfo-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 73ad057d8c72c0eb6fcd855f0c1f0ef34d56d77e7bd0fb492bd7e2c1eea25369
podman-remote-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 69c460cfe9a7fba615f5a68c97e8827ad60f098755fd35a1cd390ce653ba8f5b
podman-remote-debuginfo-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 0e230be05af0385192839aea7d1cda10ad1e2d8eb58c3ac25a8dd5f553aa6cfa
podman-tests-4.9.4-19.el9_4.5.s390x.rpm SHA-256: d5fea3107488e53e3f089f276488f479eaeba498946da6c49a134e349be30dd8

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
ppc64le
podman-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: f4e4486da48991623c00286972d62c9a0c795f03179fb8f110cd76c78d6cfb48
podman-debuginfo-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: 8c3ced44c1fe53f3150fdb22e808956509965852545cdef0c68f347d23d78ab0
podman-debugsource-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: ebcbbc8aa98cdd1da8bbf3a28dd68f49aa5725b22a7d9a3980179ea6416b7f69
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: 3dc64a442f5add98d4e06a4211cbb36fbfc0760a05a32f1d47e3c090b51a627b
podman-plugins-debuginfo-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: be388b54a848bb4bd721d88f34249d29e0f4127933bc6f557cccae3f1b3fd38f
podman-remote-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: e806e69a4eb489fbdeedc39b34ac3a1510e44b1974272668b5c52c4d9ec54867
podman-remote-debuginfo-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: d831a3487794337a9da54f104a4d798305fe249eb1f034129e3f15921b84ab46
podman-tests-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: b66a5db0cc55ac4598d587ca3ae45f313474a2518d427452afb1dbb7a9ca81d9

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
aarch64
podman-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 56602646a815d32fb58cd38243ce494df9d37aa1668f8fabf0c597fe62ea7388
podman-debuginfo-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 9cd6c17d62c2d24edeb169cebe38a8e5b5dde726e4a25176ac36f9e3b098dc30
podman-debugsource-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: aa8485c401849df3c8588e295a50566ccebd38af4dbc51c60a3e0a157c7ea1cd
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 3c53f91b93a3bab220a5c6df3e528a5399ed5442a9e71311993b06b1895a20c2
podman-plugins-debuginfo-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: da82b1b1a0bf043590ecff2e5f49732d949ddb3cab98c43bf3a3e8cab73fad92
podman-remote-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 83e091711520dfb4b1b2ed1ee37244889dd4a0b2036552888ed53b7a37cbe9d7
podman-remote-debuginfo-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 9732430a2ec54d96064065fe7748b29f3450268dab1263c4ccfc113d50b674aa
podman-tests-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 2fa5aa9f426bae1acc2c31887ab955a32b5f54970e317d3d4aec8b1ed6523726

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
ppc64le
podman-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: f4e4486da48991623c00286972d62c9a0c795f03179fb8f110cd76c78d6cfb48
podman-debuginfo-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: 8c3ced44c1fe53f3150fdb22e808956509965852545cdef0c68f347d23d78ab0
podman-debugsource-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: ebcbbc8aa98cdd1da8bbf3a28dd68f49aa5725b22a7d9a3980179ea6416b7f69
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: 3dc64a442f5add98d4e06a4211cbb36fbfc0760a05a32f1d47e3c090b51a627b
podman-plugins-debuginfo-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: be388b54a848bb4bd721d88f34249d29e0f4127933bc6f557cccae3f1b3fd38f
podman-remote-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: e806e69a4eb489fbdeedc39b34ac3a1510e44b1974272668b5c52c4d9ec54867
podman-remote-debuginfo-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: d831a3487794337a9da54f104a4d798305fe249eb1f034129e3f15921b84ab46
podman-tests-4.9.4-19.el9_4.5.ppc64le.rpm SHA-256: b66a5db0cc55ac4598d587ca3ae45f313474a2518d427452afb1dbb7a9ca81d9

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
x86_64
podman-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 43a6bfeeefbf8b76c4330b73a6bdbd5f62c3c16bd128cf2ae406fa5f1a84b8a2
podman-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 576a7b33a520adbb845aa97d2f888b45396846ddc00459f2540e3dcaf610f277
podman-debugsource-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: d4b6dbc967c82aeb6649ad0d8a03540d62e0be1e8c7c4c67452311220d4bcc1c
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 5d0b06df131e4b127b562906a6cabeb79d02899ce323f6cd8e1c147ec87bc1dd
podman-plugins-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 3ecc10a1bb4e734d263eb324736bd8c691115077a090381061389c5300d86261
podman-remote-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 23b1f216d25210a24bd2b6a77b60d96fde6b7571029f33b88f44d3b4e38f6ff8
podman-remote-debuginfo-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: c51710e621eea51f98d7566edfee1e36f22709f0e3aebb69d6397b59ad83083b
podman-tests-4.9.4-19.el9_4.5.x86_64.rpm SHA-256: 073d3c14f61c9f644607e9dd7a4e68883aad804d2aba429687e539ef349f934c

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
aarch64
podman-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 56602646a815d32fb58cd38243ce494df9d37aa1668f8fabf0c597fe62ea7388
podman-debuginfo-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 9cd6c17d62c2d24edeb169cebe38a8e5b5dde726e4a25176ac36f9e3b098dc30
podman-debugsource-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: aa8485c401849df3c8588e295a50566ccebd38af4dbc51c60a3e0a157c7ea1cd
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 3c53f91b93a3bab220a5c6df3e528a5399ed5442a9e71311993b06b1895a20c2
podman-plugins-debuginfo-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: da82b1b1a0bf043590ecff2e5f49732d949ddb3cab98c43bf3a3e8cab73fad92
podman-remote-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 83e091711520dfb4b1b2ed1ee37244889dd4a0b2036552888ed53b7a37cbe9d7
podman-remote-debuginfo-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 9732430a2ec54d96064065fe7748b29f3450268dab1263c4ccfc113d50b674aa
podman-tests-4.9.4-19.el9_4.5.aarch64.rpm SHA-256: 2fa5aa9f426bae1acc2c31887ab955a32b5f54970e317d3d4aec8b1ed6523726

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
podman-4.9.4-19.el9_4.5.src.rpm SHA-256: 0b92d11657f7764a0a4d6e4c2e654863a666f8f49a8cb5be94712bbc67c23bdd
s390x
podman-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 53df5f3ea88c61b59b9989dfe8d91dfb9f10b31338bba7403c859a1029da262a
podman-debuginfo-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 560d95da60c0c92cf6f9102dac6935f4f548fd08930eef095e58dfa5ed9815cb
podman-debugsource-4.9.4-19.el9_4.5.s390x.rpm SHA-256: f47b376bd2884f00620ec5d3c35c8dc864ac32bd46ea45a75cade8a759ea73b8
podman-docker-4.9.4-19.el9_4.5.noarch.rpm SHA-256: b40a9015bfdb9abaec08d6a65abda5273face39ee0704cf5561b5bc6d3af71a8
podman-plugins-4.9.4-19.el9_4.5.s390x.rpm SHA-256: b8b18ccdeca3151fec96befaa67b1601ba5eb09e2d153d9750b5a3a3c25b3de4
podman-plugins-debuginfo-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 73ad057d8c72c0eb6fcd855f0c1f0ef34d56d77e7bd0fb492bd7e2c1eea25369
podman-remote-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 69c460cfe9a7fba615f5a68c97e8827ad60f098755fd35a1cd390ce653ba8f5b
podman-remote-debuginfo-4.9.4-19.el9_4.5.s390x.rpm SHA-256: 0e230be05af0385192839aea7d1cda10ad1e2d8eb58c3ac25a8dd5f553aa6cfa
podman-tests-4.9.4-19.el9_4.5.s390x.rpm SHA-256: d5fea3107488e53e3f089f276488f479eaeba498946da6c49a134e349be30dd8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.