RHSA-2025:15828 | High | CVSS 9.1
Red Hat Security Advisory: updated web-terminal/tooling container image
🔗 CVE IDs covered (10)
📋 Description
- CVE-2023-45288 — golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
- CVE-2025-5914 — libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c
- CVE-2025-6020 — linux-pam: Linux-pam directory Traversal
- CVE-2025-6965 — sqlite: Integer Truncation in SQLite
- CVE-2025-7425 — libxslt: libxml2: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr
- CVE-2025-8941 — linux-pam: Incomplete fix for CVE-2025-6020
- CVE-2025-48384 — git: Git arbitrary code execution
- CVE-2025-48385 — git: Git arbitrary file writes
- CVE-2025-49794 — libxml: Heap use after free (UAF) leads to Denial of service (DoS)
- CVE-2025-49796 — libxml: Type confusion leads to Denial of service (DoS)
🔗 References (13)
- self: https://access.redhat.com/errata/RHSA-2025:15828
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://catalog.redhat.com/software/containers/registry/registry.access.redhat.com/repository/web-terminal/tooling
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2370861
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372373
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372385
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2372512
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2378806
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2378808
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2379274
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2380149
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2388220
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15828.json