Red Hat Product Errata RHSA-2026:0426 - Security Advisory
Issued:
2026-01-12
Updated:
2026-01-12

RHSA-2026:0426 - Security Advisory

Synopsis

Important: buildah security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for buildah is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):

  • runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2404715 - CVE-2025-52881 runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects
  • BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
x86_64
buildah-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: d77310911fa8c75eb9a5ae16b65ac9ce7481ff7058ddd2535c25f2d08a00c45f
buildah-debuginfo-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 79e71b62b47cc1701f98c0c133cd4511ade9e735b1b222f9d6e791b652118a31
buildah-debugsource-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 325935910c862dcea918f493f0f465a2c7f1ba65f095c0189fc53e15f61012e7
buildah-tests-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: de185978d04ce73488ca4dfcd4554cd82ac8e41fb842bfaecd51478463c90265
buildah-tests-debuginfo-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 1c1dd963f7804aaaa5ae5b61a15c18ce184dde9105c9d54e60fd8af8111e6495

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
x86_64
buildah-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: d77310911fa8c75eb9a5ae16b65ac9ce7481ff7058ddd2535c25f2d08a00c45f
buildah-debuginfo-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 79e71b62b47cc1701f98c0c133cd4511ade9e735b1b222f9d6e791b652118a31
buildah-debugsource-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 325935910c862dcea918f493f0f465a2c7f1ba65f095c0189fc53e15f61012e7
buildah-tests-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: de185978d04ce73488ca4dfcd4554cd82ac8e41fb842bfaecd51478463c90265
buildah-tests-debuginfo-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 1c1dd963f7804aaaa5ae5b61a15c18ce184dde9105c9d54e60fd8af8111e6495

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
s390x
buildah-1.33.13-2.el9_4.1.s390x.rpm SHA-256: 13cea6b91e7ebf404b43ff5b33f666a8683e473a2c5654c6f748e488a07350a6
buildah-debuginfo-1.33.13-2.el9_4.1.s390x.rpm SHA-256: 0bb1f2b67402e56428c8acba55868b807889999f8b21165eba4b2be29b269b57
buildah-debugsource-1.33.13-2.el9_4.1.s390x.rpm SHA-256: 9c6cace873e7a475fa00b729f46b334027eaa74ce7d8d7fca52362697048a741
buildah-tests-1.33.13-2.el9_4.1.s390x.rpm SHA-256: fa859b0c226d9d4a6f3cc4af96f11f658f69cd24154f1798d873470870b67cea
buildah-tests-debuginfo-1.33.13-2.el9_4.1.s390x.rpm SHA-256: f5226d9e3b3c80fc1ee31ad7cbfa4f5af9b822d9f9648316ec0e94bd07825ff0

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
ppc64le
buildah-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: 40211e85dd650d94e88a8609f3b52e04babfbc93f74cc621e7dd51455a3ea194
buildah-debuginfo-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: b46cf0dd923756ac5a18202cd541cff2f725a0892075d9c07ca473ab0f4cc949
buildah-debugsource-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: d5e026a5c9e4fe11217040fe5301c194674107bb6c92e6d4691cbcd2040cbbe5
buildah-tests-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: d7885f5d64e7dfc08ed51621b6065a404b908f0b05a44ca73ddcf458f07ed62d
buildah-tests-debuginfo-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: 9a2821c2846379d77e726f02e783d7a181f4364f0f5aeca2ce156016bf24f47c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
aarch64
buildah-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: 056b37bff98d52ebb9f6da13cb639a00ceaf228f2eef0c778bce2eaed9f1aafd
buildah-debuginfo-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: f81f1ea2ad5945003e897162bc67ec8cffa0e093128a4313f58130533ee7c031
buildah-debugsource-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: f1b0cc0211b716cb846893d2f37ab07893f801d9ab43be95c7ac0dd6b35140a7
buildah-tests-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: 4c66cb36a880a9b247ecafd2c1d425bab70cb4002a2bff770344f7aba5e405e7
buildah-tests-debuginfo-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: 08e4314b0262ed92a13fd9b93b886cb2b7685e8864ef89c05ef8df90211225db

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
ppc64le
buildah-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: 40211e85dd650d94e88a8609f3b52e04babfbc93f74cc621e7dd51455a3ea194
buildah-debuginfo-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: b46cf0dd923756ac5a18202cd541cff2f725a0892075d9c07ca473ab0f4cc949
buildah-debugsource-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: d5e026a5c9e4fe11217040fe5301c194674107bb6c92e6d4691cbcd2040cbbe5
buildah-tests-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: d7885f5d64e7dfc08ed51621b6065a404b908f0b05a44ca73ddcf458f07ed62d
buildah-tests-debuginfo-1.33.13-2.el9_4.1.ppc64le.rpm SHA-256: 9a2821c2846379d77e726f02e783d7a181f4364f0f5aeca2ce156016bf24f47c

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
x86_64
buildah-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: d77310911fa8c75eb9a5ae16b65ac9ce7481ff7058ddd2535c25f2d08a00c45f
buildah-debuginfo-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 79e71b62b47cc1701f98c0c133cd4511ade9e735b1b222f9d6e791b652118a31
buildah-debugsource-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 325935910c862dcea918f493f0f465a2c7f1ba65f095c0189fc53e15f61012e7
buildah-tests-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: de185978d04ce73488ca4dfcd4554cd82ac8e41fb842bfaecd51478463c90265
buildah-tests-debuginfo-1.33.13-2.el9_4.1.x86_64.rpm SHA-256: 1c1dd963f7804aaaa5ae5b61a15c18ce184dde9105c9d54e60fd8af8111e6495

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
aarch64
buildah-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: 056b37bff98d52ebb9f6da13cb639a00ceaf228f2eef0c778bce2eaed9f1aafd
buildah-debuginfo-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: f81f1ea2ad5945003e897162bc67ec8cffa0e093128a4313f58130533ee7c031
buildah-debugsource-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: f1b0cc0211b716cb846893d2f37ab07893f801d9ab43be95c7ac0dd6b35140a7
buildah-tests-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: 4c66cb36a880a9b247ecafd2c1d425bab70cb4002a2bff770344f7aba5e405e7
buildah-tests-debuginfo-1.33.13-2.el9_4.1.aarch64.rpm SHA-256: 08e4314b0262ed92a13fd9b93b886cb2b7685e8864ef89c05ef8df90211225db

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
buildah-1.33.13-2.el9_4.1.src.rpm SHA-256: dce7b2f28260da2b643dbbd7dc430a6abdbc53c49e72fb516cf84900495ef1d9
s390x
buildah-1.33.13-2.el9_4.1.s390x.rpm SHA-256: 13cea6b91e7ebf404b43ff5b33f666a8683e473a2c5654c6f748e488a07350a6
buildah-debuginfo-1.33.13-2.el9_4.1.s390x.rpm SHA-256: 0bb1f2b67402e56428c8acba55868b807889999f8b21165eba4b2be29b269b57
buildah-debugsource-1.33.13-2.el9_4.1.s390x.rpm SHA-256: 9c6cace873e7a475fa00b729f46b334027eaa74ce7d8d7fca52362697048a741
buildah-tests-1.33.13-2.el9_4.1.s390x.rpm SHA-256: fa859b0c226d9d4a6f3cc4af96f11f658f69cd24154f1798d873470870b67cea
buildah-tests-debuginfo-1.33.13-2.el9_4.1.s390x.rpm SHA-256: f5226d9e3b3c80fc1ee31ad7cbfa4f5af9b822d9f9648316ec0e94bd07825ff0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.