Threats Tagged 'cve-2025-31133'

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.61. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2026:1003 Security Fix(es): * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.14.59. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2025:21331 Security Fix(es): * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.14 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html-single/updating_clusters/index#updating-cluster-cli.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.18.29. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/156359 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/release_notes/ Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.16.53. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/156371 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/release_notes/ Security Fix(es): * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.16 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html-single/updating_clusters/index#updating-cluster-cli.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.62. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/156645 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html/release_notes Security Fix(es): None For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.13/html-single/updating_clusters/index#updating-cluster-within-minor.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.15.60. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/157173 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html/release_notes/ Security Fix(es): * sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems (CVE-2025-11561) * runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133) * runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565) * runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) * podman: Build Context Bind Mount (CVE-2025-4953) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.84. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2026:0317 Security Fix(es): None For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.12 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html-single/updating_clusters/index#updating-cluster-within-minor.