{ "threat_severity" : "Moderate", "public_date" : "2025-10-29T22:10:12Z", "bugzilla" : { "description" : "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "id" : "2407260", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2407260" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-117", "details" : [ "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "The crypto/tls conn.Handshake method returns an error on the server-side when ALPN negotation fails which can contain arbitrary attacker controlled information provided by the client-side of the connection which is not escaped. This affects programs which log these errors without any additional form of sanitization, and may allow injection of attacker controlled information into logs." ], "affected_release" : [ { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-09T00:00:00Z", "advisory" : "RHSA-2026:7291", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "golang1-26-main-1.26.2-1.hum1" }, { "product_name" : "Red Hat Hardened Images", "release_date" : "2026-04-10T00:00:00Z", "advisory" : "RHSA-2026:7385", "cpe" : "cpe:/a:redhat:hummingbird:1", "package" : "golang1-25-main-1.25.9-1.hum1" } ], "package_state" : [ { "product_name" : "Assisted Installer for Red Hat OpenShift Container Platform 2", "fix_state" : "Fix deferred", "package_name" : "rhai/assisted-installer-rhel9", "cpe" : "cpe:/a:redhat:assisted_installer:2" }, { "product_name" : "Builds for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-builds/openshift-builds-waiters-rhel9", "cpe" : "cpe:/a:redhat:openshift_builds:1" }, { "product_name" : "cert-manager Operator for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "cert-manager/jetstack-cert-manager-rhel9", "cpe" : "cpe:/a:redhat:cert_manager:1" }, { "product_name" : "Compliance Operator", "fix_state" : "Fix deferred", "package_name" : "compliance/openshift-compliance-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_compliance_operator:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Fix deferred", "package_name" : "build-of-trustee/trustee-rhel9-operator", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Confidential Compute Attestation", "fix_state" : "Fix deferred", "package_name" : "openshift-sandboxed-containers/osc-monitor-rhel9", "cpe" : "cpe:/a:redhat:confidential_compute_attestation:1" }, { "product_name" : "Cryostat 4", "fix_state" : "Fix deferred", "package_name" : "cryostat/cryostat-storage-rhel9", "cpe" : "cpe:/a:redhat:cryostat:4" }, { "product_name" : "Custom Metric Autoscaler operator for Red Hat Openshift", "fix_state" : "Fix deferred", "package_name" : "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel9", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2" }, { "product_name" : "Deployment Validation Operator", "fix_state" : "Fix deferred", "package_name" : "dvo/deployment-validation-rhel8-operator", "cpe" : "cpe:/a:redhat:deployment_validator_operator" }, { "product_name" : "ExternalDNS Operator", "fix_state" : "Fix deferred", "package_name" : "edo/external-dns-rhel8", "cpe" : "cpe:/a:redhat:ext_dns_optr:1" }, { "product_name" : "ExternalDNS Operator", "fix_state" : "Fix deferred", "package_name" : "edo/external-dns-rhel9", "cpe" : "cpe:/a:redhat:ext_dns_optr:1" }, { "product_name" : "External Secrets Operator for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "external-secrets-operator/external-secrets-rhel9", "cpe" : "cpe:/a:redhat:external_secrets_operator:1" }, { "product_name" : "Fence Agents Remediation Operator", "fix_state" : "Fix deferred", "package_name" : "workload-availability/fence-agents-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_far:0" }, { "product_name" : "File Integrity Operator", "fix_state" : "Fix deferred", "package_name" : "compliance/openshift-compliance-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_file_integrity_operator:1" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Fix deferred", "package_name" : "gatekeeper/gatekeeper-rhel9-operator", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/logging-loki-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Fix deferred", "package_name" : "lvms4/lvms-rhel9-operator", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Fix deferred", "package_name" : "lvms4/topolvm-rhel8", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Logical Volume Manager Storage", "fix_state" : "Fix deferred", "package_name" : "lvms4/topolvm-rhel9", "cpe" : "cpe:/a:redhat:lvms:4" }, { "product_name" : "Machine Deletion Remediation Operator", "fix_state" : "Fix deferred", "package_name" : "workload-availability/machine-deletion-remediation-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_mdr:0" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Fix deferred", "package_name" : "mta/mta-cli-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Fix deferred", "package_name" : "rhmtc/openshift-migration-registry-rhel8", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "mirror registry for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift/mirror-registry-rhel8", "cpe" : "cpe:/a:redhat:mirror_registry:1" }, { "product_name" : "mirror registry for Red Hat OpenShift 2", "fix_state" : "Fix deferred", "package_name" : "openshift/mirror-registry-rhel8", "cpe" : "cpe:/a:redhat:mirror_registry:2" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Fix deferred", "package_name" : "multicluster-engine/discovery-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Global Hub", "fix_state" : "Fix deferred", "package_name" : "multicluster-globalhub/multicluster-globalhub-agent-rhel9", "cpe" : "cpe:/a:redhat:multicluster_globalhub" }, { "product_name" : "Network Observability Operator", "fix_state" : "Fix deferred", "package_name" : "network-observability/network-observability-cli-rhel9", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Fix deferred", "package_name" : "workload-availability/node-healthcheck-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "OpenShift API for Data Protection", "fix_state" : "Fix deferred", "package_name" : "oadp/oadp-velero-rhel9", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Fix deferred", "package_name" : "ocp-tools-4/jenkins-agent-base-rhel9", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Fix deferred", "package_name" : "openshift-lightspeed/lightspeed-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Fix deferred", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Fix deferred", "package_name" : "kn-workflow-plugin", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Fix deferred", "package_name" : "openshift-serverless-1/kn-plugin-event-sender-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Fix deferred", "package_name" : "openshift-serverless-clients", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Fix deferred", "package_name" : "openshift4/ose-docker-builder-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Fix deferred", "package_name" : "openshift4/ose-docker-builder-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Fix deferred", "package_name" : "openshift-service-mesh/kiali-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Power monitoring for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "openshift-power-monitoring/kepler-rhel9", "cpe" : "cpe:/a:redhat:openshift_power_monitoring" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp2/3scale-rhel7-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp2/3scale-rhel9-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp26/3scale-operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp26/operator", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Fix deferred", "package_name" : "rhacm2/subctl-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Fix deferred", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-26/receptor-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform/platform-operator-bundle", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "automation-gateway-proxy", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "python3.11-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "python3.11-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "python3.12-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "python3.12-grpcio", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "receptor", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Fix deferred", "package_name" : "hawtio-operator-container", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat Certification Program for Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "redhat-certification-preflight", "cpe" : "cpe:/a:redhat:certifications:9" }, { "product_name" : "Red Hat Connectivity Link 1", "fix_state" : "Fix deferred", "package_name" : "rhcl-1/coredns-rhel9", "cpe" : "cpe:/a:redhat:connectivity_link:1" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Fix deferred", "package_name" : "rhdh/rhdh-rhel9-operator", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Fix deferred", "package_name" : "flightctl", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Edge Manager 1", "fix_state" : "Fix deferred", "package_name" : "rhem/flightctl-ui-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:1" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "delve", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "go-fdo-client", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "go-fdo-server", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "golang", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "golang-github-openprinting-ipp-usb", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "gvisor-tap-vsock", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "opentelemetry-collector", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "rhc-worker-playbook", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "rhel10/bootc-image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "trustee", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "yggdrasil", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "container-tools:rhel8/buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "container-tools:rhel8/conmon", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "container-tools:rhel8/containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "container-tools:rhel8/podman", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "container-tools:rhel8/runc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "container-tools:rhel8/skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "container-tools:rhel8/toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "go-toolset:rhel8/golang", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "buildah", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "butane", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "containernetworking-plugins", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "git-lfs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "golang", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "grafana-pcp", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "gvisor-tap-vsock", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "opentelemetry-collector", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "rhc", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "rhel9/bootc-image-builder", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "runc", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "skopeo", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "toolbox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "trustee-guest-components", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "weldr-client", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Fix deferred", "package_name" : "golang", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Lightspeed for Runtimes Operator", "fix_state" : "Fix deferred", "package_name" : "rh-lightspeed-runtimes/runtimes-inventory-rhel9-operator", "cpe" : "cpe:/a:redhat:lightspeed_for_runtimes:1" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Fix deferred", "package_name" : "rhoai/odh-cli-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Fix deferred", "package_name" : "rhoai/odh-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Fix deferred", "package_name" : "rhoai/odh-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Cluster Manager CLI", "fix_state" : "Fix deferred", "package_name" : "ocm-cli-clients/ocm-cli-rhel9", "cpe" : "cpe:/a:redhat:openshift_cluster_manager_cli:1" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "butane", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "conmon", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "cri-o", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "cri-tools", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "golang-github-prometheus-promu", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "ignition", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "kata-containers", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "microshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift4/frr-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift4/openshift-golang-builder", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "ose-aws-ecr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "ose-azure-acr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "ose-gcp-gcr-image-credential-provider", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "podman", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "runc", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "skopeo", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Fix deferred", "package_name" : "odf4/cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Fix deferred", "package_name" : "devspaces/udi-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Workspaces Operator", "fix_state" : "Fix deferred", "package_name" : "devworkspace/devworkspace-rhel9-operator", "cpe" : "cpe:/a:redhat:devworkspace" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Fix deferred", "package_name" : "rhosdt/tempo-rhel9", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift for Windows Containers", "fix_state" : "Fix deferred", "package_name" : "openshift4-wincw/windows-machine-config-rhel9-operator", "cpe" : "cpe:/a:redhat:windows_machine_config" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Fix deferred", "package_name" : "openshift-gitops-1/dex-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Fix deferred", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Fix deferred", "package_name" : "cnv4/openshift-golang-builder", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Fix deferred", "package_name" : "container-native-virtualization/virt-api-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Fix deferred", "package_name" : "etcd", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Fix deferred", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Fix deferred", "package_name" : "rhosp-rhel8/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Fix deferred", "package_name" : "collectd-libpod-stats", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Fix deferred", "package_name" : "etcd", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Fix deferred", "package_name" : "golang-github-infrawatch-apputils", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 17.1", "fix_state" : "Fix deferred", "package_name" : "rhosp-rhel9/osp-director-agent", "cpe" : "cpe:/a:redhat:openstack:17.1" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Fix deferred", "package_name" : "golang-github-openstack-k8s-operators-os-diff", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat OpenStack Platform 18.0", "fix_state" : "Fix deferred", "package_name" : "rhoso-operators/sg-core-rhel9", "cpe" : "cpe:/a:redhat:openstack:18.0" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Fix deferred", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Fix deferred", "package_name" : "quay/quay-rhel9", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Fix deferred", "package_name" : "satellite/iop-vmaas-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Fix deferred", "package_name" : "yggdrasil-worker-forwarder", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Service Interconnect 1", "fix_state" : "Fix deferred", "package_name" : "skupper-cli", "cpe" : "cpe:/a:redhat:service_interconnect:1" }, { "product_name" : "Red Hat Service Interconnect 2", "fix_state" : "Fix deferred", "package_name" : "skupper-cli", "cpe" : "cpe:/a:redhat:service_interconnect:2" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Fix deferred", "package_name" : "rhtas/ec-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Fix deferred", "package_name" : "web-terminal/web-terminal-exec-rhel9", "cpe" : "cpe:/a:redhat:webterminal:1" }, { "product_name" : "Security Profiles Operator", "fix_state" : "Fix deferred", "package_name" : "compliance/openshift-selinuxd-rhel8", "cpe" : "cpe:/a:redhat:openshift_security_profiles_operator:1" }, { "product_name" : "Service Telemetry Framework 1.5", "fix_state" : "Fix deferred", "package_name" : "stf/sg-core-rhel9", "cpe" : "cpe:/a:redhat:stf:1.5" }, { "product_name" : "streams for Apache Kafka 3", "fix_state" : "Fix deferred", "package_name" : "golang-github-danielqsj-kafka_exporter", "cpe" : "cpe:/a:redhat:amq_streams:3" }, { "product_name" : "Zero Trust Workload Identity Manager", "fix_state" : "Fix deferred", "package_name" : "zero-trust-workload-identity-manager/spiffe-csi-driver-rhel9", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:1" }, { "product_name" : "Zero Trust Workload Identity Manager - Tech Preview", "fix_state" : "Fix deferred", "package_name" : "zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9", "cpe" : "cpe:/a:redhat:zero_trust_workload_identity_manager:0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-58189\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-58189\nhttps://go.dev/cl/707776\nhttps://go.dev/issue/75652\nhttps://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI\nhttps://pkg.go.dev/vuln/GO-2025-4008" ], "name" : "CVE-2025-58189", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }