{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Rebuild with golang >= 1.22.5-1.el9_2.tuxcare.els6 to address CVE-2025-47907", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2025/clsa-2025_1764082387.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764082387", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764082387" } ], "tracking": { "current_release_date": "2026-02-16T09:51:13Z", "generator": { "date": "2026-02-16T09:51:13Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1764082387", "initial_release_date": "2025-11-25T14:53:46Z", "revision_history": [ { "date": "2025-11-25T14:53:46Z", "number": "1", "summary": "Initial version" }, { "date": "2026-02-16T09:51:13Z", "number": "2", "summary": "Update document" } ], "status": "final", "version": "2" }, "title": "podman: Fix of CVE-2025-47907" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product": { "name": "podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_id": "podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/podman-plugins@4.4.1-13.el9_2.tuxcare.els6?arch=x86_64&epoch=2" } } }, { "category": "product_version", "name": "podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product": { "name": "podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_id": "podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/podman-gvproxy@4.4.1-13.el9_2.tuxcare.els6?arch=x86_64&epoch=2" } } }, { "category": "product_version", "name": "podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product": { "name": "podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_id": "podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/podman-remote@4.4.1-13.el9_2.tuxcare.els6?arch=x86_64&epoch=2" } } }, { "category": "product_version", "name": "podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product": { "name": "podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_id": "podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/podman@4.4.1-13.el9_2.tuxcare.els6?arch=x86_64&epoch=2" } } }, { "category": "product_version", "name": "podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product": { "name": "podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_id": "podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/podman-tests@4.4.1-13.el9_2.tuxcare.els6?arch=x86_64&epoch=2" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch", "product": { "name": "podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch", "product_id": "podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/podman-docker@4.4.1-13.el9_2.tuxcare.els6?arch=noarch&epoch=2" } } } ], "category": "architecture", "name": "noarch" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64" }, "product_reference": "podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64" }, "product_reference": "podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch" }, "product_reference": "podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64" }, "product_reference": "podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64" }, "product_reference": "podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64" }, "product_reference": "podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-47907", "cwe": { "id": "CWE-362", "name": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')" }, "notes": [ { "category": "description", "text": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch", "AlmaLinux-9.2:podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-47907" } ], "release_date": "2025-08-07T15:25:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-11-25T14:53:09.634438Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1764082387", "product_ids": [ "AlmaLinux-9.2:podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch", "AlmaLinux-9.2:podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1764082387" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:podman-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-docker-2:4.4.1-13.el9_2.tuxcare.els6.noarch", "AlmaLinux-9.2:podman-gvproxy-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-plugins-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-remote-2:4.4.1-13.el9_2.tuxcare.els6.x86_64", "AlmaLinux-9.2:podman-tests-2:4.4.1-13.el9_2.tuxcare.els6.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }