Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Red Hat Container Tools for RHEL 8 May Allow Malicious Container Escalation
RHSA-2026:3428
Summary
Red Hat's container tools for RHEL 8 have a security update available to fix a flaw that could allow an attacker to gain elevated privileges within a container. This affects systems running Red Hat Enterprise Linux 8. If you're using these tools, you should update to the latest version to prevent potential security risks. Apply the update as soon as possible to ensure the security of your containers and the systems they run on.
What to do
- Update redhat aardvark-dns to version 2:1.10.1-2.module+el8.10.0+23963+b64d8032.
- Update redhat buildah to version 2:1.33.14-2.module+el8.10.0+23963+b64d8032.
- Update redhat buildah-debuginfo to version 2:1.33.14-2.module+el8.10.0+23963+b64d8032.
- Update redhat buildah-debugsource to version 2:1.33.14-2.module+el8.10.0+23963+b64d8032.
- Update redhat buildah-tests to version 2:1.33.14-2.module+el8.10.0+23963+b64d8032.
- Update redhat buildah-tests-debuginfo to version 2:1.33.14-2.module+el8.10.0+23963+b64d8032.
- Update redhat cockpit-podman to version 0:84.1-1.module+el8.10.0+23963+b64d8032.
- Update redhat conmon to version 3:2.1.10-1.module+el8.10.0+23963+b64d8032.
- Update redhat conmon-debuginfo to version 3:2.1.10-1.module+el8.10.0+23963+b64d8032.
- Update redhat conmon-debugsource to version 3:2.1.10-1.module+el8.10.0+23963+b64d8032.
- Update redhat container-selinux to version 2:2.229.0-2.module+el8.10.0+23963+b64d8032.
- Update redhat containernetworking-plugins to version 1:1.4.0-7.module+el8.10.0+23963+b64d8032.
- Update redhat containernetworking-plugins-debuginfo to version 1:1.4.0-7.module+el8.10.0+23963+b64d8032.
- Update redhat containernetworking-plugins-debugsource to version 1:1.4.0-7.module+el8.10.0+23963+b64d8032.
- Update redhat containers-common to version 2:1-82.module+el8.10.0+23963+b64d8032.
- Update redhat crit to version 0:3.18-5.module+el8.10.0+23963+b64d8032.
- Update redhat criu to version 0:3.18-5.module+el8.10.0+23963+b64d8032.
- Update redhat criu-debuginfo to version 0:3.18-5.module+el8.10.0+23963+b64d8032.
- Update redhat criu-debugsource to version 0:3.18-5.module+el8.10.0+23963+b64d8032.
- Update redhat criu-devel to version 0:3.18-5.module+el8.10.0+23963+b64d8032.
- Update redhat criu-libs to version 0:3.18-5.module+el8.10.0+23963+b64d8032.
- Update redhat criu-libs-debuginfo to version 0:3.18-5.module+el8.10.0+23963+b64d8032.
- Update redhat crun to version 0:1.14.3-2.module+el8.10.0+23963+b64d8032.
- Update redhat crun-debuginfo to version 0:1.14.3-2.module+el8.10.0+23963+b64d8032.
- Update redhat crun-debugsource to version 0:1.14.3-2.module+el8.10.0+23963+b64d8032.
- Update redhat fuse-overlayfs to version 0:1.13-1.module+el8.10.0+23963+b64d8032.
- Update redhat fuse-overlayfs-debuginfo to version 0:1.13-1.module+el8.10.0+23963+b64d8032.
- Update redhat fuse-overlayfs-debugsource to version 0:1.13-1.module+el8.10.0+23963+b64d8032.
- Update redhat libslirp to version 0:4.4.0-2.module+el8.10.0+23963+b64d8032.
- Update redhat libslirp-debuginfo to version 0:4.4.0-2.module+el8.10.0+23963+b64d8032.
- Update redhat libslirp-debugsource to version 0:4.4.0-2.module+el8.10.0+23963+b64d8032.
- Update redhat libslirp-devel to version 0:4.4.0-2.module+el8.10.0+23963+b64d8032.
- Update redhat netavark to version 2:1.10.3-1.module+el8.10.0+23963+b64d8032.
- Update redhat oci-seccomp-bpf-hook to version 0:1.2.10-1.module+el8.10.0+23963+b64d8032.
- Update redhat oci-seccomp-bpf-hook-debuginfo to version 0:1.2.10-1.module+el8.10.0+23963+b64d8032.
- Update redhat oci-seccomp-bpf-hook-debugsource to version 0:1.2.10-1.module+el8.10.0+23963+b64d8032.
- Update redhat podman to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-catatonit to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-catatonit-debuginfo to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-debuginfo to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-debugsource to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-docker to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-gvproxy to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-gvproxy-debuginfo to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-plugins to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-plugins-debuginfo to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-remote to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-remote-debuginfo to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat podman-tests to version 4:4.9.4-28.module+el8.10.0+23963+b64d8032.
- Update redhat python-podman to version 0:4.9.0-3.module+el8.10.0+23963+b64d8032.
- Update redhat python3-criu to version 0:3.18-5.module+el8.10.0+23963+b64d8032.
- Update redhat python3-podman to version 0:4.9.0-3.module+el8.10.0+23963+b64d8032.
- Update redhat runc to version 4:1.2.9-3.module+el8.10.0+23963+b64d8032.
- Update redhat runc-debuginfo to version 4:1.2.9-3.module+el8.10.0+23963+b64d8032.
- Update redhat runc-debugsource to version 4:1.2.9-3.module+el8.10.0+23963+b64d8032.
- Update redhat skopeo to version 2:1.14.5-6.module+el8.10.0+23963+b64d8032.
- Update redhat skopeo-tests to version 2:1.14.5-6.module+el8.10.0+23963+b64d8032.
- Update redhat slirp4netns to version 0:1.2.3-1.module+el8.10.0+23963+b64d8032.
- Update redhat slirp4netns-debuginfo to version 0:1.2.3-1.module+el8.10.0+23963+b64d8032.
- Update redhat slirp4netns-debugsource to version 0:1.2.3-1.module+el8.10.0+23963+b64d8032.
- Update redhat toolbox to version 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032.
- Update redhat toolbox-debuginfo to version 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032.
- Update redhat toolbox-debugsource to version 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032.
- Update redhat toolbox-tests to version 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032.
- Update redhat udica to version 0:0.2.6-21.module+el8.10.0+23963+b64d8032.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | aardvark-dns | <= 2:1.10.1-2.module+el8.10.0+23963+b64d8032 | 2:1.10.1-2.module+el8.10.0+23963+b64d8032 |
| redhat | buildah | <= 2:1.33.14-2.module+el8.10.0+23963+b64d8032 | 2:1.33.14-2.module+el8.10.0+23963+b64d8032 |
| redhat | buildah-debuginfo | <= 2:1.33.14-2.module+el8.10.0+23963+b64d8032 | 2:1.33.14-2.module+el8.10.0+23963+b64d8032 |
| redhat | buildah-debugsource | <= 2:1.33.14-2.module+el8.10.0+23963+b64d8032 | 2:1.33.14-2.module+el8.10.0+23963+b64d8032 |
| redhat | buildah-tests | <= 2:1.33.14-2.module+el8.10.0+23963+b64d8032 | 2:1.33.14-2.module+el8.10.0+23963+b64d8032 |
| redhat | buildah-tests-debuginfo | <= 2:1.33.14-2.module+el8.10.0+23963+b64d8032 | 2:1.33.14-2.module+el8.10.0+23963+b64d8032 |
| redhat | cockpit-podman | <= 0:84.1-1.module+el8.10.0+23963+b64d8032 | 0:84.1-1.module+el8.10.0+23963+b64d8032 |
| redhat | conmon | <= 3:2.1.10-1.module+el8.10.0+23963+b64d8032 | 3:2.1.10-1.module+el8.10.0+23963+b64d8032 |
| redhat | conmon-debuginfo | <= 3:2.1.10-1.module+el8.10.0+23963+b64d8032 | 3:2.1.10-1.module+el8.10.0+23963+b64d8032 |
| redhat | conmon-debugsource | <= 3:2.1.10-1.module+el8.10.0+23963+b64d8032 | 3:2.1.10-1.module+el8.10.0+23963+b64d8032 |
| redhat | container-selinux | <= 2:2.229.0-2.module+el8.10.0+23963+b64d8032 | 2:2.229.0-2.module+el8.10.0+23963+b64d8032 |
| redhat | containernetworking-plugins | <= 1:1.4.0-7.module+el8.10.0+23963+b64d8032 | 1:1.4.0-7.module+el8.10.0+23963+b64d8032 |
| redhat | containernetworking-plugins-debuginfo | <= 1:1.4.0-7.module+el8.10.0+23963+b64d8032 | 1:1.4.0-7.module+el8.10.0+23963+b64d8032 |
| redhat | containernetworking-plugins-debugsource | <= 1:1.4.0-7.module+el8.10.0+23963+b64d8032 | 1:1.4.0-7.module+el8.10.0+23963+b64d8032 |
| redhat | containers-common | <= 2:1-82.module+el8.10.0+23963+b64d8032 | 2:1-82.module+el8.10.0+23963+b64d8032 |
| redhat | crit | <= 0:3.18-5.module+el8.10.0+23963+b64d8032 | 0:3.18-5.module+el8.10.0+23963+b64d8032 |
| redhat | criu | <= 0:3.18-5.module+el8.10.0+23963+b64d8032 | 0:3.18-5.module+el8.10.0+23963+b64d8032 |
| redhat | criu-debuginfo | <= 0:3.18-5.module+el8.10.0+23963+b64d8032 | 0:3.18-5.module+el8.10.0+23963+b64d8032 |
| redhat | criu-debugsource | <= 0:3.18-5.module+el8.10.0+23963+b64d8032 | 0:3.18-5.module+el8.10.0+23963+b64d8032 |
| redhat | criu-devel | <= 0:3.18-5.module+el8.10.0+23963+b64d8032 | 0:3.18-5.module+el8.10.0+23963+b64d8032 |
| redhat | criu-libs | <= 0:3.18-5.module+el8.10.0+23963+b64d8032 | 0:3.18-5.module+el8.10.0+23963+b64d8032 |
| redhat | criu-libs-debuginfo | <= 0:3.18-5.module+el8.10.0+23963+b64d8032 | 0:3.18-5.module+el8.10.0+23963+b64d8032 |
| redhat | crun | <= 0:1.14.3-2.module+el8.10.0+23963+b64d8032 | 0:1.14.3-2.module+el8.10.0+23963+b64d8032 |
| redhat | crun-debuginfo | <= 0:1.14.3-2.module+el8.10.0+23963+b64d8032 | 0:1.14.3-2.module+el8.10.0+23963+b64d8032 |
| redhat | crun-debugsource | <= 0:1.14.3-2.module+el8.10.0+23963+b64d8032 | 0:1.14.3-2.module+el8.10.0+23963+b64d8032 |
| redhat | fuse-overlayfs | <= 0:1.13-1.module+el8.10.0+23963+b64d8032 | 0:1.13-1.module+el8.10.0+23963+b64d8032 |
| redhat | fuse-overlayfs-debuginfo | <= 0:1.13-1.module+el8.10.0+23963+b64d8032 | 0:1.13-1.module+el8.10.0+23963+b64d8032 |
| redhat | fuse-overlayfs-debugsource | <= 0:1.13-1.module+el8.10.0+23963+b64d8032 | 0:1.13-1.module+el8.10.0+23963+b64d8032 |
| redhat | libslirp | <= 0:4.4.0-2.module+el8.10.0+23963+b64d8032 | 0:4.4.0-2.module+el8.10.0+23963+b64d8032 |
| redhat | libslirp-debuginfo | <= 0:4.4.0-2.module+el8.10.0+23963+b64d8032 | 0:4.4.0-2.module+el8.10.0+23963+b64d8032 |
| redhat | libslirp-debugsource | <= 0:4.4.0-2.module+el8.10.0+23963+b64d8032 | 0:4.4.0-2.module+el8.10.0+23963+b64d8032 |
| redhat | libslirp-devel | <= 0:4.4.0-2.module+el8.10.0+23963+b64d8032 | 0:4.4.0-2.module+el8.10.0+23963+b64d8032 |
| redhat | netavark | <= 2:1.10.3-1.module+el8.10.0+23963+b64d8032 | 2:1.10.3-1.module+el8.10.0+23963+b64d8032 |
| redhat | oci-seccomp-bpf-hook | <= 0:1.2.10-1.module+el8.10.0+23963+b64d8032 | 0:1.2.10-1.module+el8.10.0+23963+b64d8032 |
| redhat | oci-seccomp-bpf-hook-debuginfo | <= 0:1.2.10-1.module+el8.10.0+23963+b64d8032 | 0:1.2.10-1.module+el8.10.0+23963+b64d8032 |
| redhat | oci-seccomp-bpf-hook-debugsource | <= 0:1.2.10-1.module+el8.10.0+23963+b64d8032 | 0:1.2.10-1.module+el8.10.0+23963+b64d8032 |
| redhat | podman | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-catatonit | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-catatonit-debuginfo | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-debuginfo | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-debugsource | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-docker | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-gvproxy | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-gvproxy-debuginfo | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-plugins | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-plugins-debuginfo | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-remote | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-remote-debuginfo | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | podman-tests | <= 4:4.9.4-28.module+el8.10.0+23963+b64d8032 | 4:4.9.4-28.module+el8.10.0+23963+b64d8032 |
| redhat | python-podman | <= 0:4.9.0-3.module+el8.10.0+23963+b64d8032 | 0:4.9.0-3.module+el8.10.0+23963+b64d8032 |
| redhat | python3-criu | <= 0:3.18-5.module+el8.10.0+23963+b64d8032 | 0:3.18-5.module+el8.10.0+23963+b64d8032 |
| redhat | python3-podman | <= 0:4.9.0-3.module+el8.10.0+23963+b64d8032 | 0:4.9.0-3.module+el8.10.0+23963+b64d8032 |
| redhat | runc | <= 4:1.2.9-3.module+el8.10.0+23963+b64d8032 | 4:1.2.9-3.module+el8.10.0+23963+b64d8032 |
| redhat | runc-debuginfo | <= 4:1.2.9-3.module+el8.10.0+23963+b64d8032 | 4:1.2.9-3.module+el8.10.0+23963+b64d8032 |
| redhat | runc-debugsource | <= 4:1.2.9-3.module+el8.10.0+23963+b64d8032 | 4:1.2.9-3.module+el8.10.0+23963+b64d8032 |
| redhat | skopeo | <= 2:1.14.5-6.module+el8.10.0+23963+b64d8032 | 2:1.14.5-6.module+el8.10.0+23963+b64d8032 |
| redhat | skopeo-tests | <= 2:1.14.5-6.module+el8.10.0+23963+b64d8032 | 2:1.14.5-6.module+el8.10.0+23963+b64d8032 |
| redhat | slirp4netns | <= 0:1.2.3-1.module+el8.10.0+23963+b64d8032 | 0:1.2.3-1.module+el8.10.0+23963+b64d8032 |
| redhat | slirp4netns-debuginfo | <= 0:1.2.3-1.module+el8.10.0+23963+b64d8032 | 0:1.2.3-1.module+el8.10.0+23963+b64d8032 |
| redhat | slirp4netns-debugsource | <= 0:1.2.3-1.module+el8.10.0+23963+b64d8032 | 0:1.2.3-1.module+el8.10.0+23963+b64d8032 |
| redhat | toolbox | <= 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032 | 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032 |
| redhat | toolbox-debuginfo | <= 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032 | 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032 |
| redhat | toolbox-debugsource | <= 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032 | 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032 |
| redhat | toolbox-tests | <= 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032 | 0:0.0.99.5.1-1.module+el8.10.0+23963+b64d8032 |
| redhat | udica | <= 0:0.2.6-21.module+el8.10.0+23963+b64d8032 | 0:0.2.6-21.module+el8.10.0+23963+b64d8032 |
Original title
Red Hat Security Advisory: container-tools:rhel8 security update
osv CVSS3.1
7.5
- https://access.redhat.com/errata/RHSA-2026:3428 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268022 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418462 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2418900 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3428.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2024-24785 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2024-24785 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-24785 Vendor Advisory
- https://go.dev/cl/564196 Third Party Advisory
- https://go.dev/issue/65697 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg Third Party Advisory
- https://vuln.go.dev/ID/GO-2024-2610.json Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-61729 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-61729 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61729 Vendor Advisory
- https://go.dev/cl/725920 Third Party Advisory
- https://go.dev/issue/76445 Third Party Advisory
- https://groups.google.com/g/golang-announce/c/8FJoBkPddm4 Third Party Advisory
- https://pkg.go.dev/vuln/GO-2025-4155 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-65637 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-65637 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637 Vendor Advisory
- https://github.com/mjuanxd/logrus-dos-poc Third Party Advisory
- https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md Third Party Advisory
- https://github.com/sirupsen/logrus/issues/1370 Third Party Advisory
- https://github.com/sirupsen/logrus/pull/1376 Third Party Advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.8.3 Third Party Advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.1 Third Party Advisory
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3 Third Party Advisory
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391 Third Party Advisory
Published: 27 Feb 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026