This advisory from Red Hat Product Security addresses six security vulnerabilities affecting container tooling and related libraries in Red Hat Enterprise Linux 9.0. Notably, multiple runc vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) allow container escape through mount race conditions, malicious configurations, and arbitrary write operations. Additional issues include an unbounded memory allocation in golang's archive/tar when parsing GNU sparse maps (CVE-2025-58183), an SSH client panic in golang.org/x/crypto/ssh/agent (CVE-2025-47913), and a denial-of-service vulnerability in the logrus logging library due to large single-line payloads (CVE-2025-65637). These vulnerabilities could lead to container escapes, denial of service, or crashes. Red Hat has released updated packages to remediate these issues as part of RHSA-2026:8325.

The vulnerabilities collectively allow for container escape, denial of service, and potential crashes in containerized environments using affected Red Hat packages. Container escape vulnerabilities in runc could allow attackers to break out of container isolation, posing significant risks to host systems. Denial of service issues could disrupt container operations or SSH client functionality. Unbounded memory allocation could lead to resource exhaustion. These impacts affect Red Hat Enterprise Linux 9.0 and related container tooling packages.

Red Hat has released updated packages addressing these vulnerabilities as detailed in advisory RHSA-2026:8325. Users of affected Red Hat Enterprise Linux 9.0 and related container tools should apply the provided security updates promptly. For detailed update instructions, refer to https://access.redhat.com/articles/11258. No additional mitigation steps are indicated beyond applying the official patches.