INFSA-2025:22011: buildah security update
Advisory information
Identifier: INFSA-2025:22011
Type: security
Release date: 2025-12-07 23:21:36 UTC
Information about package
The buildah package provides a tool that facilitates building OCI container images. Among other things, buildah enables you to:
- Create a working container, either from scratch or using an image as a starting point;
- Create an image, either from a working container or using the instructions in a Dockerfile;
- Build both Docker and OCI images.
Vulnerabilities description
- CVE-2025-52881
A flaw was found in runc. An attacker could trick runc into writing the LSM process labels for a container process into a dummy tmpfs file, so the correct LSM labels were not applied to the container process.
- CVE-2025-58183
A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a large number of sparse regions can cause a Go program to attempt to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
| NIST — CVE-2025-52881 | no information | 8.2 | no information |
| NIST — CVE-2025-58183 | no information | 7.5 | no information |
Updated packages