INFSA-2025:15904: container-tools:rhel8 security update
Information about definition
Identificator: INFSA-2025:15904
Type: security
Release date: 2025-09-19 16:26:21 UTC
Information about package
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Vulnerabilities description
- CVE-2025-9566
There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-9566
|
no information | 8.1 | no information |
Updated packages
Preparing to download...