chore(deps): update registry.redhat.io/openshift4/ose-tools-rhel8 docker digest to 5ad1360 [security]

[red-hat-konflux-kflux-prd-rh02]

This PR contains the following updates:

Package	Update	Change
registry.redhat.io/openshift4/ose-tools-rhel8	digest	898540b -> 5ad1360

---

podman: buildah: Container breakout by using --jobs=2 and a race condition when building a malicious Containerfile

CVE-2024-11218

More information

Details

A vulnerability was found in podman build and buildah. This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-11218
• https://bugzilla.redhat.com/show_bug.cgi?id=2326231
• https://www.cve.org/CVERecord?id=CVE-2024-11218
• https://nvd.nist.gov/vuln/detail/CVE-2024-11218

---

libxml: use-after-free in xmlXIncludeAddNode

CVE-2022-49043

More information

Details

A flaw was found in libxml2 where improper handling of memory allocation failures in libxml2 can lead to crashes, memory leaks, or inconsistent states. While an attacker cannot directly control allocation failures, they may trigger denial-of-service conditions under extreme system stress.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2022-49043
• https://bugzilla.redhat.com/show_bug.cgi?id=2342118
• https://www.cve.org/CVERecord?id=CVE-2022-49043
• https://nvd.nist.gov/vuln/detail/CVE-2022-49043
• https://github.com/php/php-src/issues/17467
• https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b

---

libxslt: Use-After-Free in libxslt numbers.c

CVE-2025-24855

More information

Details

A flaw was found in libxslt numbers.c. This vulnerability allows a use-after-free, potentially leading to memory corruption or code execution via nested XPath evaluations where an XPath context node can be modified but not restored.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-24855
• https://bugzilla.redhat.com/show_bug.cgi?id=2352483
• https://www.cve.org/CVERecord?id=CVE-2025-24855
• https://nvd.nist.gov/vuln/detail/CVE-2025-24855
• https://gitlab.gnome.org/GNOME/libxslt/-/issues/128

---

libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2

CVE-2025-24928

More information

Details

A flaw was found in libxml2. This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-24928
• https://bugzilla.redhat.com/show_bug.cgi?id=2346421
• https://www.cve.org/CVERecord?id=CVE-2025-24928
• https://nvd.nist.gov/vuln/detail/CVE-2025-24928
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
• https://issues.oss-fuzz.com/issues/392687022

---

freetype: OOB write when attempting to parse font subglyph structures related to TrueType GX and variable font files

CVE-2025-27363

More information

Details

A flaw was found in FreeType. In affected versions, an out-of-bounds write condition may be triggered when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value, causing it to wrap around and allocate a heap buffer that is too small. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This issue could result in arbitrary code execution or other undefined behavior.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-27363
• https://bugzilla.redhat.com/show_bug.cgi?id=2351357
• https://www.cve.org/CVERecord?id=CVE-2025-27363
• https://nvd.nist.gov/vuln/detail/CVE-2025-27363
• https://www.facebook.com/security/advisories/cve-2025-27363
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog

---

golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html

CVE-2024-45338

More information

Details

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-45338
• https://bugzilla.redhat.com/show_bug.cgi?id=2333122
• https://www.cve.org/CVERecord?id=CVE-2024-45338
• https://nvd.nist.gov/vuln/detail/CVE-2024-45338
• https://go.dev/cl/637536
• https://go.dev/issue/70906
• https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ
• https://pkg.go.dev/vuln/GO-2024-3333

---

golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

CVE-2025-30204

More information

Details

A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-30204
• https://bugzilla.redhat.com/show_bug.cgi?id=2354195
• https://www.cve.org/CVERecord?id=CVE-2025-30204
• https://nvd.nist.gov/vuln/detail/CVE-2025-30204
• https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
• https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
• https://pkg.go.dev/vuln/GO-2025-3553

---

libxml2: Use-After-Free in libxml2

CVE-2024-56171

More information

Details

A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-56171
• https://bugzilla.redhat.com/show_bug.cgi?id=2346416
• https://www.cve.org/CVERecord?id=CVE-2024-56171
• https://nvd.nist.gov/vuln/detail/CVE-2024-56171
• https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

---

golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh

CVE-2025-22869

More information

Details

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-22869
• https://bugzilla.redhat.com/show_bug.cgi?id=2348367
• https://www.cve.org/CVERecord?id=CVE-2025-22869
• https://nvd.nist.gov/vuln/detail/CVE-2025-22869
• https://go.dev/cl/652135
• https://go.dev/issue/71931
• https://pkg.go.dev/vuln/GO-2025-3487

---

libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList)

CVE-2024-55549

More information

Details

A flaw was found in libxslt. This vulnerability allows an attacker to trigger a use-after-free issue by excluding result prefixes.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-55549
• https://bugzilla.redhat.com/show_bug.cgi?id=2352484
• https://www.cve.org/CVERecord?id=CVE-2024-55549
• https://nvd.nist.gov/vuln/detail/CVE-2024-55549
• https://gitlab.gnome.org/GNOME/libxslt/-/issues/127

---

golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

CVE-2025-22868

More information

Details

A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Split(token, ".") to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of . characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-22868
• https://bugzilla.redhat.com/show_bug.cgi?id=2348366
• https://www.cve.org/CVERecord?id=CVE-2025-22868
• https://nvd.nist.gov/vuln/detail/CVE-2025-22868
• https://go.dev/cl/652155
• https://go.dev/issue/71490
• https://pkg.go.dev/vuln/GO-2025-3488

---

grub2: net: Out-of-bounds write in grub_net_search_config_file()

CVE-2025-0624

More information

Details

A flaw was found in grub2. During the network boot process, when trying to search for the configuration file, grub copies data from a user controlled environment variable into an internal buffer using the grub_strcpy() function. During this step, it fails to consider the environment variable length when allocating the internal buffer, resulting in an out-of-bounds write. If correctly exploited, this issue may result in remote code execution through the same network segment grub is searching for the boot information, which can be used to by-pass secure boot protections.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-0624
• https://bugzilla.redhat.com/show_bug.cgi?id=2346112
• https://www.cve.org/CVERecord?id=CVE-2025-0624
• https://nvd.nist.gov/vuln/detail/CVE-2025-0624

---

kernel: HID: core: zero-initialize the report buffer

CVE-2024-50302

More information

Details

A vulnerability was found in the Linux kernel's driver for Human Interface Devices. This flaw allows an attacker to use a malicious input device to read information from the report buffer. This could be used to leak kernel memory, enabling the exploitation of additional vulnerabilities.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-50302
• https://bugzilla.redhat.com/show_bug.cgi?id=2327169
• https://www.cve.org/CVERecord?id=CVE-2024-50302
• https://nvd.nist.gov/vuln/detail/CVE-2024-50302
• https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@​gregkh/T
• https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog

---

kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

CVE-2024-53104

More information

Details

A vulnerability was found in the Linux kernel's USB Video Class driver. A buffer for video frame data is allocated, which does not account for all of the frame formats contained in a video stream, leading to an out-of-bounds write when a stream includes frames with an undefined format. An attacker who is able to influence the format of video streams captured by a system's USB video device could exploit this flaw to alter system memory and potentially escalate their privileges or execute arbitrary code.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-53104
• https://bugzilla.redhat.com/show_bug.cgi?id=2329817
• https://www.cve.org/CVERecord?id=CVE-2024-53104
• https://nvd.nist.gov/vuln/detail/CVE-2024-53104
• https://access.redhat.com/articles/7107058
• https://lore.kernel.org/linux-cve-announce/2024120232-CVE-2024-53104-d781@​gregkh/T
• https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog

---

baremetal-operator/apis: Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

CVE-2025-29781

More information

Details

A flaw was found in the Bare Metal Operator (BMO) Kubernetes API component. BMO enables users to load Secrets from arbitrary namespaces upon deployment of the namespace-scoped Custom Resource BMCEventSubscription. In affected versions, an adversary using a Kubernetes account with only namespace level roles (e.g. a tenant controlling a namespace) may create a BMCEventSubscription in their authorized namespace and then load Secrets from their unauthorized namespaces to another authorized namespace via the Baremetal Operator, which can lead to the exposure of secrets and credential information.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2025-29781
• https://bugzilla.redhat.com/show_bug.cgi?id=2353041
• https://www.cve.org/CVERecord?id=CVE-2025-29781
• https://nvd.nist.gov/vuln/detail/CVE-2025-29781
• https://github.com/metal3-io/baremetal-operator/commit/19f8443b1fe182f76dd81b43122e8dd102f8b94c
• https://github.com/metal3-io/baremetal-operator/pull/2321
• https://github.com/metal3-io/baremetal-operator/pull/2322
• https://github.com/metal3-io/baremetal-operator/security/advisories/GHSA-c98h-7hp9-v9hq
• https://github.com/metal3-io/metal3-docs/blob/main/design/baremetal-operator/bmc-events.md

---

kernel: ALSA: usb-audio: Fix out of bounds reads when finding clock sources

CVE-2024-53150

More information

Details

A vulnerability was found in the Linux kernel's USB Audio driver. This flaw can allow an attacker with physical access to the system to use a malicious USB device to gain additional access. This is possible by reading arbitrary system memory.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-53150
• https://bugzilla.redhat.com/show_bug.cgi?id=2333971
• https://www.cve.org/CVERecord?id=CVE-2024-53150
• https://nvd.nist.gov/vuln/detail/CVE-2024-53150
• https://lore.kernel.org/linux-cve-announce/2024122427-CVE-2024-53150-3a7d@gregkh/T
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog

---

kernel: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

CVE-2024-53197

More information

Details

A vulnerability was found in the Linux kernel's USB Audio driver. This flaw allows an attacker with physical access to the system to use a malicious USB device to gain additional access. This is possible by manipulating system memory, potentially escalating privileges, or executing arbitrary code.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-53197
• https://bugzilla.redhat.com/show_bug.cgi?id=2334412
• https://www.cve.org/CVERecord?id=CVE-2024-53197
• https://nvd.nist.gov/vuln/detail/CVE-2024-53197
• https://lore.kernel.org/linux-cve-announce/2024122725-CVE-2024-53197-6aef@gregkh/T
• https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog

---

bind: bind9: Many records in the additional section cause CPU exhaustion

CVE-2024-11187

More information

Details

A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the 'Additional' section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an uncontrolled CPU resource scenario, ultimately resulting in the server not being able to attend new requests and causing a denial of service as a consequence.

Severity

Important

References

• https://access.redhat.com/security/cve/CVE-2024-11187
• https://bugzilla.redhat.com/show_bug.cgi?id=2342879
• https://www.cve.org/CVERecord?id=CVE-2024-11187
• https://nvd.nist.gov/vuln/detail/CVE-2024-11187

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

This PR has been generated by MintMaker (powered by Renovate Bot).

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux-kflux-prd-rh02[bot]
Once this PR has been reviewed and has the lgtm label, please assign lucifergene for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR.

I'm waiting for a openshift-pipelines member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.