Red Hat Security Advisory: container-tools:rhel8 security update
Multiple security vulnerabilities affecting the container-tools module in Red Hat Enterprise Linux 8. 8 have been identified and addressed. These include several container escape vulnerabilities in runc caused by mount race conditions, malicious configurations, and arbitrary write gadgets. Additional issues include an unbounded allocation vulnerability in golang's archive/tar package, an SSH client panic in golang. org/x/crypto/ssh/agent, and a denial-of-service vulnerability in github. com/sirupsen/logrus due to large payloads. Red Hat has released an important security update to fix these issues in the container-tools module, which includes podman, buildah, skopeo, and runc. The update is available for Red Hat Enterprise Linux 8. 8 and related update services. Users should apply the update to mitigate these vulnerabilities.
AI Analysis
Technical Summary
The container-tools module in Red Hat Enterprise Linux 8.8, which includes tools such as podman, buildah, skopeo, and runc, contains multiple security vulnerabilities. Notably, runc is affected by container escape vulnerabilities due to mount race conditions (CVE-2025-31133), malicious configuration exploitation involving /dev/console mounts (CVE-2025-52565), and arbitrary write gadgets leading to container escape and denial of service (CVE-2025-52881). Additional vulnerabilities include an unbounded memory allocation in golang's archive/tar when parsing GNU sparse maps (CVE-2025-58183), an SSH client panic in golang.org/x/crypto/ssh/agent caused by unexpected SSH_AGENT_SUCCESS messages (CVE-2025-47913), and a denial-of-service vulnerability in github.com/sirupsen/logrus triggered by large single-line payloads (CVE-2025-65637). Red Hat has issued an important security advisory (RHSA-2026:4693) providing updates to address these issues for Red Hat Enterprise Linux 8.8 and associated update services.
Potential Impact
The vulnerabilities allow for container escape, denial of service, and potential arbitrary memory allocation, which could lead to system instability or compromise of container isolation boundaries. Specifically, the runc vulnerabilities enable an attacker to escape container confinement via mount race conditions and malicious configurations, potentially gaining unauthorized access to the host system. The golang archive/tar issue could lead to resource exhaustion due to unbounded memory allocation. The SSH agent vulnerability may cause client crashes, and the logrus vulnerability can cause denial of service through large payloads. These impacts affect containerized environments running the affected Red Hat Enterprise Linux 8.8 versions.
Mitigation Recommendations
Red Hat has released an important security update for the container-tools module in Red Hat Enterprise Linux 8.8 that addresses all listed vulnerabilities. Users should apply this update promptly following the guidance in Red Hat advisory RHSA-2026:4693 and the referenced article https://access.redhat.com/articles/11258. This update includes fixes for runc, golang, ssh agent, and logrus components. No alternative mitigations are specified; applying the official update is the recommended remediation.
Red Hat Security Advisory: container-tools:rhel8 security update
Description
Multiple security vulnerabilities affecting the container-tools module in Red Hat Enterprise Linux 8. 8 have been identified and addressed. These include several container escape vulnerabilities in runc caused by mount race conditions, malicious configurations, and arbitrary write gadgets. Additional issues include an unbounded allocation vulnerability in golang's archive/tar package, an SSH client panic in golang. org/x/crypto/ssh/agent, and a denial-of-service vulnerability in github. com/sirupsen/logrus due to large payloads. Red Hat has released an important security update to fix these issues in the container-tools module, which includes podman, buildah, skopeo, and runc. The update is available for Red Hat Enterprise Linux 8. 8 and related update services. Users should apply the update to mitigate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The container-tools module in Red Hat Enterprise Linux 8.8, which includes tools such as podman, buildah, skopeo, and runc, contains multiple security vulnerabilities. Notably, runc is affected by container escape vulnerabilities due to mount race conditions (CVE-2025-31133), malicious configuration exploitation involving /dev/console mounts (CVE-2025-52565), and arbitrary write gadgets leading to container escape and denial of service (CVE-2025-52881). Additional vulnerabilities include an unbounded memory allocation in golang's archive/tar when parsing GNU sparse maps (CVE-2025-58183), an SSH client panic in golang.org/x/crypto/ssh/agent caused by unexpected SSH_AGENT_SUCCESS messages (CVE-2025-47913), and a denial-of-service vulnerability in github.com/sirupsen/logrus triggered by large single-line payloads (CVE-2025-65637). Red Hat has issued an important security advisory (RHSA-2026:4693) providing updates to address these issues for Red Hat Enterprise Linux 8.8 and associated update services.
Potential Impact
The vulnerabilities allow for container escape, denial of service, and potential arbitrary memory allocation, which could lead to system instability or compromise of container isolation boundaries. Specifically, the runc vulnerabilities enable an attacker to escape container confinement via mount race conditions and malicious configurations, potentially gaining unauthorized access to the host system. The golang archive/tar issue could lead to resource exhaustion due to unbounded memory allocation. The SSH agent vulnerability may cause client crashes, and the logrus vulnerability can cause denial of service through large payloads. These impacts affect containerized environments running the affected Red Hat Enterprise Linux 8.8 versions.
Mitigation Recommendations
Red Hat has released an important security update for the container-tools module in Red Hat Enterprise Linux 8.8 that addresses all listed vulnerabilities. Users should apply this update promptly following the guidance in Red Hat advisory RHSA-2026:4693 and the referenced article https://access.redhat.com/articles/11258. This update includes fixes for runc, golang, ssh agent, and logrus components. No alternative mitigations are specified; applying the official update is the recommended remediation.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:4693
- Cve Count
- 6
- Additional Cves
- ["CVE-2025-47913","CVE-2025-52565","CVE-2025-52881","CVE-2025-58183","CVE-2025-65637"]
- Cvss Version
- null
Threat ID: 6a16096fe29bf47b506368c1
Added to database: 5/26/2026, 8:58:23 PM
Last enriched: 5/27/2026, 1:05:01 AM
Last updated: 5/27/2026, 4:54:44 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.