[security - high] container-tools:rhel8 security update, udica-0.2.6-21.module+el8+1964+02fb4d8f

エラータID: AXSA:2026-338:01

Release date: 
Thursday, March 19, 2026 - 13:52
Subject: 
[security - high] container-tools:rhel8 security update, udica-0.2.6-21.module+el8+1964+02fb4d8f
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

* golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
CVE-2025-61728
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
CVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

Modularity name: "container-tools"
Stream name: "rhel8"

Solution: 

Update packages.

CVEs: 
CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
CVE-2025-61728
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
CVE-2025-68121
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Additional Info: 

N/A

Download: 

SRPMS
  1. aardvark-dns-1.10.1-2.module+el8+1964+02fb4d8f.src.rpm
    MD5: 294b1d3a375bdb034951b3cd0cc938e9
    SHA-256: d4bde6345c1e57042791dbe24369f587e609c9f0d504ce9282443f03cb2e39e5
    Size: 6.14 MB
  2. buildah-1.33.14-3.module+el8+1964+02fb4d8f.src.rpm
    MD5: 514e51a910283a5ddd51045b2635d297
    SHA-256: 59583cacb526b5046719feba604df5103d64b19f22034c1c9b4a2534967abdf4
    Size: 18.40 MB
  3. cockpit-podman-84.1-1.module+el8+1964+02fb4d8f.src.rpm
    MD5: 54ecb838af4d1463a9aa00958b85e1f8
    SHA-256: dab4e1242b3f8729d7713b6627646ce12f5d6eeacd621e9eee876d0c201ac9f1
    Size: 1.27 MB
  4. conmon-2.1.10-1.module+el8+1964+02fb4d8f.src.rpm
    MD5: dde0fb4f32fff0ccdf30a485568a65d7
    SHA-256: 44ae95626eacb7dd891cf2eb4471c50b0ae9fc4a3a912f0f39664c193ebea945
    Size: 133.59 kB
  5. containernetworking-plugins-1.4.0-8.module+el8+1964+02fb4d8f.src.rpm
    MD5: 448237d2ac548cfd9666a7e8e3107423
    SHA-256: 38e5b7bc6faedaaf19dda52bbec296fa7f4a322ab655f7199fdb8a7f2ff7aa3b
    Size: 3.62 MB
  6. containers-common-1-82.module+el8+1964+02fb4d8f.src.rpm
    MD5: c9863cc97f9545f502c12f0fdcac052f
    SHA-256: 81781cf089b132010f570c2f00501b9e6b1214e49b6a50080a08082a8918c2d3
    Size: 145.63 kB
  7. container-selinux-2.229.0-2.module+el8+1964+02fb4d8f.src.rpm
    MD5: c3836b06d64bd615c985de115214306e
    SHA-256: b02117fbc5c0e00ea1b05bc4dd84038bde18c0759d93d50b22c6349a28418d8c
    Size: 65.58 kB
  8. criu-3.18-5.module+el8+1964+02fb4d8f.src.rpm
    MD5: dec6f18c039168ae1191112066afef73
    SHA-256: 9134c1997c96f85644908d0bd96d28956c82a0a52e7a674d3e8ceb08207b783f
    Size: 1.32 MB
  9. crun-1.14.3-2.module+el8+1964+02fb4d8f.src.rpm
    MD5: 24a2b2b57ef2fcbc239797b36f19f784
    SHA-256: 6051531be6f7d5489e3fa5622a8829cd245b859e55a9798ba83be8c87a798f2e
    Size: 1.68 MB
  10. fuse-overlayfs-1.13-1.module+el8+1964+02fb4d8f.src.rpm
    MD5: 4c350e1c9aae9f240563f300623a75c1
    SHA-256: 5f33a836c1ac7f0115934f21686d8bf44d503a590fc9708b70bdc2aa65fb162f
    Size: 112.28 kB
  11. libslirp-4.4.0-2.module+el8+1964+02fb4d8f.src.rpm
    MD5: 21d83807213b27e94fc944f1160dcc51
    SHA-256: dd6653ea0ec952e1398a225e61e830e8577056e6afafdbbd5f063e6f3987b70a
    Size: 114.97 kB
  12. netavark-1.10.3-1.module+el8+1964+02fb4d8f.src.rpm
    MD5: cb9c698c3b6f4d97a4216616ecaace66
    SHA-256: 6cc1aabdd5af00c53cafd96a42c5f2a070bf6f70140ad86243c43fb668b7efb5
    Size: 15.51 MB
  13. oci-seccomp-bpf-hook-1.2.10-1.module+el8+1964+02fb4d8f.src.rpm
    MD5: c510ee6b205c9e52c0b1fe419b981145
    SHA-256: 07cf3691777840f6cc9ba1ca61a559d42b268f7cec9b4e5fa91e7e35548eea84
    Size: 1.43 MB
  14. podman-4.9.4-30.module+el8+1964+02fb4d8f.src.rpm
    MD5: be616e65e0549ddefb6b36d71624736b
    SHA-256: 036aa2e907ff0b0ac8c8679d0059c9b8c6b7471a5a1a4a9263da9714189ff91c
    Size: 32.72 MB
  15. python-podman-4.9.0-3.module+el8+1964+02fb4d8f.src.rpm
    MD5: 6fbb71691741399de5ea717be3db4e94
    SHA-256: 7e97129f92e8b676470d25e5a74a33f25e64dcbc74f1d03d63004c06ab70ea71
    Size: 188.74 kB
  16. runc-1.2.9-4.module+el8+1964+02fb4d8f.src.rpm
    MD5: c0aad3f62e334def3739772b51294205
    SHA-256: 519be9db5f14e99219450fe3940e0b19c63665f0c322ed7825c4582e0a2ef735
    Size: 2.63 MB
  17. skopeo-1.14.5-7.module+el8+1964+02fb4d8f.src.rpm
    MD5: 755719f5bf3f31e018023d1ebbab0507
    SHA-256: deb6bac159b6fcdebbae4a7ea327d15eaf0c9fe4cdddf83a81f27409bab38478
    Size: 10.00 MB
  18. slirp4netns-1.2.3-1.module+el8+1964+02fb4d8f.src.rpm
    MD5: 2e8f10f92f5bcde9640836a15527c6eb
    SHA-256: 2f217efb0a64b95edd541ded8ca4c6bc1fab227b6cf538314c2ac66e683ef021
    Size: 76.05 kB
  19. toolbox-0.0.99.5.1-1.module+el8+1964+02fb4d8f.src.rpm
    MD5: 4ea6d02a3d8f3ea62cd8517ef595a8b4
    SHA-256: e2155d558dd5818777cdd1c6a78dfe11ff9dd842d6e7a83ef8bd9df3fae70b18
    Size: 1.10 MB
  20. udica-0.2.6-21.module+el8+1964+02fb4d8f.src.rpm
    MD5: 43e8588bfeb222ad96b7b437fd8f8311
    SHA-256: 6fb8792840cb6512f35ef926e86e18949fd60e0af3db695373c68eb0ee2210ef
    Size: 134.32 kB

Asianux Server 8 for x86_64
  1. aardvark-dns-1.10.1-2.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 69dce85489ef978843c7843719cb7507
    SHA-256: 3d722a4c1f8b8c64876a6a6b13c33373a29180dcbeec686838e4e03acfc6cc2b
    Size: 0.97 MB
  2. buildah-1.33.14-3.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: ea898f38818742ef5b89e7867e06fdd7
    SHA-256: 95143a51ccde7a9f46d0f6c0ecc1d23133c7150d9cde9cf833c587184de09f3b
    Size: 10.29 MB
  3. buildah-debugsource-1.33.14-3.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 8274fdc84cbf52f7bc6ae962493e7b3b
    SHA-256: ca7e34305a8ca8295b61ecc618a0941b7db46723e1bd8a4dd5712ed43b3ba330
    Size: 6.20 MB
  4. buildah-tests-1.33.14-3.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: d1965c382897be17f848701c4c3616f5
    SHA-256: 93b3c8bb00f358efee4c0069969c6a78e1d36a2207466462a7c6b92eb45741f6
    Size: 32.80 MB
  5. cockpit-podman-84.1-1.module+el8+1964+02fb4d8f.noarch.rpm
    MD5: 88d3c44ef469d6847e0621dfb5e71406
    SHA-256: e09ec327284321107d5d7b08b63e0530116b1a349e84adf155b44dc03c991765
    Size: 682.92 kB
  6. conmon-2.1.10-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: aecc18e0d205c31be672571866946faa
    SHA-256: 4bfb0e109dd7b454c4dbe18a5bd19572e83a3b1293e15e91b3098eab19c56846
    Size: 56.82 kB
  7. conmon-debugsource-2.1.10-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 02e948c35fd3e5f33aaddd5608c3f0de
    SHA-256: 74cfd9a72b8331a056b75224713adc1cfeaeeecac992768f58b87357dcd276f5
    Size: 50.46 kB
  8. containernetworking-plugins-1.4.0-8.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 46105bf4e615d9a2405983666656b6e5
    SHA-256: 8e655e92b0c981f2dd4bbef08ae39497fd29ef49b6a77919c469bbad3b14c9cc
    Size: 25.19 MB
  9. containernetworking-plugins-debugsource-1.4.0-8.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 417c71c47148ad9476ad7c7422bb5b3e
    SHA-256: c36527d954c2e56e67ade309da72fdc89ca74a72347ce4b585d4059b88e8dcd6
    Size: 430.25 kB
  10. containers-common-1-82.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 38f6b4f8bd1702a9a7587df419692adb
    SHA-256: 7f1561c0b12166a92e8cf90917fd1072bfcc6cdfdd1bad9744486cdba7ee6715
    Size: 142.03 kB
  11. container-selinux-2.229.0-2.module+el8+1964+02fb4d8f.noarch.rpm
    MD5: 8893804337731c1178c694eef24208b4
    SHA-256: be71aad843dc7d326dfe9f1b2b683979d860ca420c25f8eda5f6dc1d2d0b53bf
    Size: 69.43 kB
  12. crit-3.18-5.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 59dabd50fee6bdd924f88f975fd22bcf
    SHA-256: a03af32b57b11979fad569f833a411b7ad5b1f7f33545d27610d05a2c492cd38
    Size: 22.12 kB
  13. criu-3.18-5.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 791acebcccc5d6541a6f80b57e8fb0d3
    SHA-256: fdb9079230d593dd566f27bbcc9c74473a4dcfb1205dfc9b0d0867d1eb27194a
    Size: 563.11 kB
  14. criu-debugsource-3.18-5.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 06f23efabc7ed28fe3e264a541284dd5
    SHA-256: f3b5acf793f325465fbc2c8fb80fe2b2e891e140d91e32af55849b6378d1c2a5
    Size: 729.73 kB
  15. criu-devel-3.18-5.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: eb1c420b9977ea90d35ab64acb42482c
    SHA-256: d06f042ebd7209332c7a8db54bfbcf51d270d793c668aa347bd5ed1ea1408207
    Size: 28.23 kB
  16. criu-libs-3.18-5.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: cf43870b41696c03f881bf934936c46e
    SHA-256: 465ed538b3607448f7aae40d14a09b7e4787f5d70fa01f333f0c27a7bb8cf0b2
    Size: 38.15 kB
  17. crun-1.14.3-2.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 8c258b301f989c464da7b171ec6b3537
    SHA-256: 9c4311daf2d4e848f7f55f174dab09b2bb946c4999c69421c8f354e3eb9aa04c
    Size: 256.55 kB
  18. crun-debugsource-1.14.3-2.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: e30d6732d0e538f6486ea570c2101bd9
    SHA-256: c30a905bbe91a8393a198604426b426b39226d8ef03c1de7d0038196df1dabb6
    Size: 204.13 kB
  19. fuse-overlayfs-1.13-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 774a016a1b500d3abad04fecce889806
    SHA-256: d2781a04b73f1e3c0b1c0c96b2e6db4ab9513272155e652391581c5bc45defc0
    Size: 68.72 kB
  20. fuse-overlayfs-debugsource-1.13-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 9399914df165b99554100cfad25c669a
    SHA-256: 90891ee34bf5c80c9d0e923562623287a3732f63b05d440bf8d8298504cd471a
    Size: 55.61 kB
  21. libslirp-4.4.0-2.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: f234797fece73a3d294df29934be8fc0
    SHA-256: 4efcc63bdc08af80b1da0b79ddc045121c9ed831f7d8f81175a3df84d3a28feb
    Size: 69.27 kB
  22. libslirp-debugsource-4.4.0-2.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 44e352c35636b159ca972c99decf34dc
    SHA-256: 0d120dfda4b0e323bb75593d54e9513f8f3552baca6bb28ef27234b7ad5fd3ad
    Size: 114.55 kB
  23. libslirp-devel-4.4.0-2.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: e72a1a33326b804fee7fb084afc1bab6
    SHA-256: b5467f4e5cb12a36bb4f0ea60d4c0f03c8eca3435e173394591c2d432b1d531d
    Size: 11.41 kB
  24. netavark-1.10.3-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: cf5dffd12b010634e5a57c0fc0a26bd8
    SHA-256: e8b6127bf654384432f90e158ca2e9b81949b73da3e95ae3ea79c44efc501534
    Size: 4.08 MB
  25. oci-seccomp-bpf-hook-1.2.10-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: a2437a2fabecbe784b3fd495fee59fc1
    SHA-256: 65a8c77b04bcf03863fe224ab577611dded272e401ef2e90210558301e671384
    Size: 1.28 MB
  26. oci-seccomp-bpf-hook-debugsource-1.2.10-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 637bd4004491b5511f6eb16cfefbf296
    SHA-256: e2aacdf3893ae94a281f7512c9003aa269c1364110f76e8fce702e86cbbb5fe1
    Size: 247.94 kB
  27. podman-4.9.4-30.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 19c98d62961abdffcc418de59c2dd550
    SHA-256: 103543c084b752b099d79e6b6165c93363fdf70850edf24e653f1f32bb54d7c9
    Size: 16.90 MB
  28. podman-catatonit-4.9.4-30.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: df97b617900ffe8d808ba49720aaf9d9
    SHA-256: 24e2d098d4331330a96c2190f894f40d30b3f30a5b7638610830c8ac26798790
    Size: 380.55 kB
  29. podman-debugsource-4.9.4-30.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 6fde50d6cd4f6a1d74e6ee07623302f3
    SHA-256: ee8049548167fa174b0584b1aa13a02c1d6c04783e083ba163e2343492c402a4
    Size: 9.29 MB
  30. podman-docker-4.9.4-30.module+el8+1964+02fb4d8f.noarch.rpm
    MD5: 4d6f699ff9d0bf3ed832d821136606f0
    SHA-256: 3a42a6fdeccd4228d566f501a3df52446183a34d7a94146e11cc0c928ef620f4
    Size: 118.15 kB
  31. podman-gvproxy-4.9.4-30.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 63997e2578024488af8185ae904a72f9
    SHA-256: 0133ed2c01e851bee63ff27cd5dc1a190050618a1b7336ac119734e3c3035a97
    Size: 4.27 MB
  32. podman-plugins-4.9.4-30.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 7a97ea928e8f0df82a6b2e4b6670b82c
    SHA-256: d2bf31aa3ea95028c4921d683517f526762cd5f5c5d1e5965eb588dd0a8ff832
    Size: 1.52 MB
  33. podman-remote-4.9.4-30.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: b3b7eecddd57304869f43964dd64cdcd
    SHA-256: df13e4824e0607f50683f8fd708c9f9de4894917de78e6e0f3e556e7e4d395c9
    Size: 10.92 MB
  34. podman-tests-4.9.4-30.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 7f7b455767264c0d3ffb894f85bd594d
    SHA-256: 19bb322fe9609e30b0f4e288f60f7c607d241ae1ce993ebc40d87eb554ef2651
    Size: 270.41 kB
  35. python3-criu-3.18-5.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 07584e4c0c67728112667222555df344
    SHA-256: 2c6d885f6c3dd36b29864a829714ce2fae87864aee980c07943701ece72c5b0e
    Size: 177.27 kB
  36. python3-podman-4.9.0-3.module+el8+1964+02fb4d8f.noarch.rpm
    MD5: 846ee95d1e0e13df782713828a5a3c9e
    SHA-256: 4bf5b4c8df5260dd82a4dc075aaa0ac73d55947a65cecbd7e72eb547e198be7e
    Size: 155.52 kB
  37. runc-1.2.9-4.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 781218145f78efba88c98551cdd9cf01
    SHA-256: e3d77c2dcb2ecaa8b5a8cad92d6c859062f09f8a3f618c0c056df545937d82b3
    Size: 3.85 MB
  38. runc-debugsource-1.2.9-4.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 844e646ac25c3c354244abfc14e44cb7
    SHA-256: ae89be1dc1d34425383ea9cdaf3c968eb714b6ab062c01867dac4a6ebe38ccb8
    Size: 1.03 MB
  39. skopeo-1.14.5-7.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 9fad5a2868622e94608fdce163367e6b
    SHA-256: a53e0b802723973f0b6754991e55af55f429aadc8767d1f8022ef2dd95fde76e
    Size: 9.40 MB
  40. skopeo-tests-1.14.5-7.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 0736b6eed0b3484882d459403e87abbc
    SHA-256: e2ff7e4713ed3e04cdee7b1a5706fcfb9535bc68872f665a891a4d6657d90aa7
    Size: 785.80 kB
  41. slirp4netns-1.2.3-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: b70d5acce59767246ac1bbf62f0a632c
    SHA-256: 78f7e26c7869480911a6609f74098b2c206700712ccc8e26dc7d724f0012caba
    Size: 54.91 kB
  42. slirp4netns-debugsource-1.2.3-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 8ae09796b434d5b4805704a0172be654
    SHA-256: 4dd630905231b1abfc8fafc642d3da6ef1d9d1bec6fdc7e739fe8271631f7ac6
    Size: 43.73 kB
  43. toolbox-0.0.99.5.1-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 3f362f703373da811f326132bd2b11a2
    SHA-256: 1c2440e30cd9d53562f9fa84dc742c4df81855ddd7d0d238cc2c356ffbdfa268
    Size: 3.01 MB
  44. toolbox-debugsource-0.0.99.5.1-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 23f016464048eaa11731c6edcd665894
    SHA-256: ec06ea0954be507e3c2fb477a9ec6677902266c36897b4022ccebe1c93f5e8a7
    Size: 572.66 kB
  45. toolbox-tests-0.0.99.5.1-1.module+el8+1964+02fb4d8f.x86_64.rpm
    MD5: 11925cab77ddbec15ff095026335fb84
    SHA-256: 50ece7773f52ef7550aee83cc54d18f28683052cd900b7bc4cd5537bba8259d5
    Size: 43.96 kB
  46. udica-0.2.6-21.module+el8+1964+02fb4d8f.noarch.rpm
    MD5: 4d848fec5233c6b2c0672a05ade1da27
    SHA-256: fc8a44775e6d3c11b3c81e796f4df4a5269b1de369e64084e57373b5b6b425e1
    Size: 48.26 kB