INFSA-2025:7462: podman security update
Information about definition
Identificator: INFSA-2025:7462
Type: security
Release date: 2025-07-15 19:23:03 UTC
Information about package
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Vulnerabilities description
- CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
- CVE-2025-27144
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of . characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.
Severity level
CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
---|---|---|---|
NIST — CVE-2025-22869
|
no information | 7.5 | no information |
NIST — CVE-2025-27144
|
no information | 7.5 | no information |
Updated packages