RHSA-2025:11386 | High | CVSS 7.8
Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images
🔗 CVE IDs covered (4)
📋 Description
- CVE-2024-12718 — cpython: python: Bypass extraction filter to modify file metadata outside extraction directory
- CVE-2025-4138 — cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory
- CVE-2025-4517 — python: cpython: Arbitrary writes via tarfile realpath overflow
- CVE-2025-6020 — linux-pam: Linux-pam directory Traversal
🔗 References (14)
- self: https://access.redhat.com/errata/RHSA-2025:11386
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://access.redhat.com/errata/RHSA-2025:10698
- external: https://access.redhat.com/containers
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2370010
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2370013
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2370014
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2370016
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372373
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372385
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372406
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372426
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372512
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11386.json