Red Hat Security Advisory: container-tools:rhel8 security update
Red Hat has issued a moderate severity security advisory for the container-tools module in Red Hat Enterprise Linux 8.8. The update addresses two vulnerabilities: CVE-2025-58183, an unbounded memory allocation issue in the golang archive/tar package when parsing GNU sparse maps, and CVE-2025-65637, a denial-of-service vulnerability in the github.com/sirupsen/logrus logging library caused by processing large single-line payloads. These vulnerabilities affect container-related tools such as podman, buildah, skopeo, and runc. The advisory provides updated packages to remediate these issues.
AI Analysis
Technical Summary
The container-tools module in Red Hat Enterprise Linux 8.8 includes tools for container management, notably podman, buildah, skopeo, and runc. Two security vulnerabilities have been identified and fixed: CVE-2025-58183 involves unbounded memory allocation in the golang archive/tar package when parsing GNU sparse maps, potentially leading to resource exhaustion. CVE-2025-65637 is a denial-of-service vulnerability in the github.com/sirupsen/logrus logging library triggered by large single-line payloads. Red Hat has released updated packages as part of a security advisory (RHSA-2026:6191) to address these issues. The advisory rates the impact as moderate and provides instructions for applying the update.
Potential Impact
The vulnerabilities could allow an attacker to cause resource exhaustion or denial-of-service conditions when processing specially crafted inputs related to container tools. Specifically, unbounded memory allocation in archive/tar could lead to excessive memory use, and the logrus vulnerability could cause denial-of-service through large payloads. There are no known exploits in the wild at this time. The impact is rated moderate by Red Hat.
Mitigation Recommendations
Red Hat has released updated packages for the container-tools module in Red Hat Enterprise Linux 8.8 that fix these vulnerabilities. Users should apply the security update RHSA-2026:6191 as soon as possible to remediate these issues. Detailed instructions for applying the update are available at https://access.redhat.com/articles/11258. Since this is not a cloud service, remediation depends on applying the vendor-provided patches. Patch status is confirmed by the vendor advisory.
Technical Details
- Gcve Source: db.gcve.eu
- Csaf Category: csaf_security_advisory
- Csaf Version: 2.0
- Publisher: Red Hat Product Security
- Advisory Id: RHSA-2026:6191
- Cve Count: 2
- Additional Cves: ["CVE-2025-65637"]
- Cvss Version: null
Threat ID: 6a160976e29bf47b50641190
Added to database: 5/26/2026, 8:58:30 PM
Last enriched: 5/26/2026, 10:11:13 PM
Last updated: 5/27/2026, 4:56:45 AM