Red Hat Product Errata RHSA-2026:0477 - Security Advisory
Issued:
2026-01-12
Updated:
2026-01-12

RHSA-2026:0477 - Security Advisory

Synopsis

Moderate: skopeo security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for skopeo is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
x86_64
skopeo-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 5fb2774e5f5c088c6eec5fe1ae6e150711ab591ce4acfa04c7846cf1506513fb
skopeo-debuginfo-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 1ca9571877afacf0dea5decb6e35495d8a471cc29fc31381b96dae1f38ce7ffa
skopeo-debugsource-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: d01f9bcc9e08493feaf7429bdf7b2e84bc83dbdaa3f4866965f0fd0af9ba0348
skopeo-tests-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 0eb85f9fd079ee169fa89a33128b7938f8ddc403ed75c7ff85e309760067adec

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
x86_64
skopeo-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 5fb2774e5f5c088c6eec5fe1ae6e150711ab591ce4acfa04c7846cf1506513fb
skopeo-debuginfo-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 1ca9571877afacf0dea5decb6e35495d8a471cc29fc31381b96dae1f38ce7ffa
skopeo-debugsource-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: d01f9bcc9e08493feaf7429bdf7b2e84bc83dbdaa3f4866965f0fd0af9ba0348
skopeo-tests-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 0eb85f9fd079ee169fa89a33128b7938f8ddc403ed75c7ff85e309760067adec

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
s390x
skopeo-1.14.5-2.el9_4.3.s390x.rpm SHA-256: c99006e514ae6840f9974dd8a8d3bd580c3e237904ce6484f527ddce4bac709a
skopeo-debuginfo-1.14.5-2.el9_4.3.s390x.rpm SHA-256: fbf03970c7859e35bd5464a90f2602c9423f35cb48d55bf35ffc34cbdec8ddc0
skopeo-debugsource-1.14.5-2.el9_4.3.s390x.rpm SHA-256: d02dbbbb1ce48cdfc1113081de4932c44cceb1ac5907fd300c3c5c588198dcdc
skopeo-tests-1.14.5-2.el9_4.3.s390x.rpm SHA-256: 35df217241ac99d682071e7a4aa68b3be2714199ba9137f12a4ae703ff9cf303

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
ppc64le
skopeo-1.14.5-2.el9_4.3.ppc64le.rpm SHA-256: f1489fbdc84c0657e3d8e10e70dd23997fc7a86ea3aeec24500a95d3ffdc0283
skopeo-debuginfo-1.14.5-2.el9_4.3.ppc64le.rpm SHA-256: b305ce22d12a412a2fac0f11bc56878edf97b95c7e7b86d48072c15c405c6126
skopeo-debugsource-1.14.5-2.el9_4.3.ppc64le.rpm SHA-256: cf18820f6ec9806fb6417cf94ad9c9d68cff6b56d546a663f0654a9c001d903b
skopeo-tests-1.14.5-2.el9_4.3.ppc64le.rpm SHA-256: 895b3fb659c64cb6a94f6df25abcc6f3a5052864cae5550638668c307ee059fa

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
aarch64
skopeo-1.14.5-2.el9_4.3.aarch64.rpm SHA-256: 2db60ab462a2142a5326f68076eaf2884032e4c359b15e2295a6ec37ca9f09d0
skopeo-debuginfo-1.14.5-2.el9_4.3.aarch64.rpm SHA-256: 583b4116dd4d41e0922c68b913605a2dccc8ce9dc7f3348e8bb508fda4365e11
skopeo-debugsource-1.14.5-2.el9_4.3.aarch64.rpm SHA-256: 7858255afe6cf5c28ef26da2872b3e40ddfcf467185240441ddabd5d9fbb19f8
skopeo-tests-1.14.5-2.el9_4.3.aarch64.rpm SHA-256: 4a795f9c932f5effbe123e034b27814f763fd2f83256a0ae8f0612bbcd727d8d

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
ppc64le
skopeo-1.14.5-2.el9_4.3.ppc64le.rpm SHA-256: f1489fbdc84c0657e3d8e10e70dd23997fc7a86ea3aeec24500a95d3ffdc0283
skopeo-debuginfo-1.14.5-2.el9_4.3.ppc64le.rpm SHA-256: b305ce22d12a412a2fac0f11bc56878edf97b95c7e7b86d48072c15c405c6126
skopeo-debugsource-1.14.5-2.el9_4.3.ppc64le.rpm SHA-256: cf18820f6ec9806fb6417cf94ad9c9d68cff6b56d546a663f0654a9c001d903b
skopeo-tests-1.14.5-2.el9_4.3.ppc64le.rpm SHA-256: 895b3fb659c64cb6a94f6df25abcc6f3a5052864cae5550638668c307ee059fa

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
x86_64
skopeo-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 5fb2774e5f5c088c6eec5fe1ae6e150711ab591ce4acfa04c7846cf1506513fb
skopeo-debuginfo-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 1ca9571877afacf0dea5decb6e35495d8a471cc29fc31381b96dae1f38ce7ffa
skopeo-debugsource-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: d01f9bcc9e08493feaf7429bdf7b2e84bc83dbdaa3f4866965f0fd0af9ba0348
skopeo-tests-1.14.5-2.el9_4.3.x86_64.rpm SHA-256: 0eb85f9fd079ee169fa89a33128b7938f8ddc403ed75c7ff85e309760067adec

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
aarch64
skopeo-1.14.5-2.el9_4.3.aarch64.rpm SHA-256: 2db60ab462a2142a5326f68076eaf2884032e4c359b15e2295a6ec37ca9f09d0
skopeo-debuginfo-1.14.5-2.el9_4.3.aarch64.rpm SHA-256: 583b4116dd4d41e0922c68b913605a2dccc8ce9dc7f3348e8bb508fda4365e11
skopeo-debugsource-1.14.5-2.el9_4.3.aarch64.rpm SHA-256: 7858255afe6cf5c28ef26da2872b3e40ddfcf467185240441ddabd5d9fbb19f8
skopeo-tests-1.14.5-2.el9_4.3.aarch64.rpm SHA-256: 4a795f9c932f5effbe123e034b27814f763fd2f83256a0ae8f0612bbcd727d8d

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
skopeo-1.14.5-2.el9_4.3.src.rpm SHA-256: 302d46c4d4197296e1665c4073d06bc65515662e37bb49a31e56ce7554aa5f22
s390x
skopeo-1.14.5-2.el9_4.3.s390x.rpm SHA-256: c99006e514ae6840f9974dd8a8d3bd580c3e237904ce6484f527ddce4bac709a
skopeo-debuginfo-1.14.5-2.el9_4.3.s390x.rpm SHA-256: fbf03970c7859e35bd5464a90f2602c9423f35cb48d55bf35ffc34cbdec8ddc0
skopeo-debugsource-1.14.5-2.el9_4.3.s390x.rpm SHA-256: d02dbbbb1ce48cdfc1113081de4932c44cceb1ac5907fd300c3c5c588198dcdc
skopeo-tests-1.14.5-2.el9_4.3.s390x.rpm SHA-256: 35df217241ac99d682071e7a4aa68b3be2714199ba9137f12a4ae703ff9cf303

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.