RHSA-2026:1067
Vulnerability from csaf_redhat - Published: 2026-01-23 16:45 - Updated: 2026-01-27 03:33Summary
Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.10.1
Notes
Topic
Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.10.1 General Availability release, with updates to container images.
Details
Assisted Installer RHEL 9 integrates components for the general multicluster engine
for Kubernetes 2.10.1 release that simplify the process of deploying OpenShift Container
Platform clusters.
The multicluster engine for Kubernetes provides the foundational components
that are necessary for the centralized management of multiple
Kubernetes-based clusters across data centers, public clouds, and private
clouds.
You can use the engine to create new Red Hat OpenShift Container Platform
clusters, or to import existing Kubernetes-based clusters for management.
After the clusters are managed, you can use the APIs that
are provided by the engine to distribute configuration based on placement
policy.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.10.1 General Availability release, with updates to container images.",
"title": "Topic"
},
{
"category": "general",
"text": "Assisted Installer RHEL 9 integrates components for the general multicluster engine\nfor Kubernetes 2.10.1 release that simplify the process of deploying OpenShift Container\nPlatform clusters.\n\nThe multicluster engine for Kubernetes provides the foundational components\nthat are necessary for the centralized management of multiple\nKubernetes-based clusters across data centers, public clouds, and private\nclouds.\n\nYou can use the engine to create new Red Hat OpenShift Container Platform\nclusters, or to import existing Kubernetes-based clusters for management.\n\nAfter the clusters are managed, you can use the APIs that\nare provided by the engine to distribute configuration based on placement\npolicy.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:1067",
"url": "https://access.redhat.com/errata/RHSA-2026:1067"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-58183",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1067.json"
}
],
"title": "Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.10.1",
"tracking": {
"current_release_date": "2026-01-27T03:33:00+00:00",
"generator": {
"date": "2026-01-27T03:33:00+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2026:1067",
"initial_release_date": "2026-01-23T16:45:25+00:00",
"revision_history": [
{
"date": "2026-01-23T16:45:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-01-23T16:45:33+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-27T03:33:00+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "multicluster engine for Kubernetes 2.1",
"product": {
"name": "multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:multicluster_engine:2.10::el9"
}
}
}
],
"category": "product_family",
"name": "multicluster engine for Kubernetes"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767791044"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767710870"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1?arch=amd64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767776379"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3Ad9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767791044"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3A4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3Acb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767710870"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Aa20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272?arch=arm64\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767776379"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767791044"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3Ab0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3A1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767710870"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3Acc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3Afe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4?arch=ppc64le\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767776379"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-image-service-rhel9@sha256%3A4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767791044"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-rhel9@sha256%3Ac4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645768"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-agent-rhel9@sha256%3Ace15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767710870"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-installer-controller-rhel9@sha256%3A7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767645765"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x",
"product": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x",
"product_id": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/assisted-service-9-rhel9@sha256%3A6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6?arch=s390x\u0026repository_url=registry.redhat.io/multicluster-engine\u0026tag=1767776379"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64 as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le as a component of multicluster engine for Kubernetes 2.1",
"product_id": "multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le"
},
"product_reference": "registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le",
"relates_to_product_reference": "multicluster engine for Kubernetes 2.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-10-29T23:01:50.573951+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2407258"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/tar package in the Go standard library. tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A specially crafted tar archive with a pax header indicating a big number of sparse regions can cause a Go program to try to allocate a large amount of memory, causing an out-of-memory condition and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, an attacker needs to be able to process a specially crafted GNU tar pax 1.0 archive with the application using the archive/tar package. Additionally, this issue can cause the Go application to allocate a large amount of memory, eventually leading to an out-of-memory condition and resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x"
],
"known_not_affected": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-58183"
},
{
"category": "external",
"summary": "RHBZ#2407258",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2407258"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58183"
},
{
"category": "external",
"summary": "https://go.dev/cl/709861",
"url": "https://go.dev/cl/709861"
},
{
"category": "external",
"summary": "https://go.dev/issue/75677",
"url": "https://go.dev/issue/75677"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI",
"url": "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4014",
"url": "https://pkg.go.dev/vuln/GO-2025-4014"
}
],
"release_date": "2025-10-29T22:10:14.376000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-01-23T16:45:25+00:00",
"details": "For more information about Assisted Installer, see the following documentation:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#cim-intro\n\nFor multicluster engine for Kubernetes, see the following documentation for\ndetails on how to install the images:\n\nhttps://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.15/html/clusters/cluster_mce_overview#mce-install-intro\n\nThis documentation will be available after the general availability release of Red Hat Advanced Cluster Management 2.15.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:1067"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:3c60091c420140fcaf639709834c5faba4358592d41654bd962a438def90b221_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:4f6c253eaa6f15c2970d714555838a3fed3e8cded0551b3eabb9daa1646fc7a9_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:714eb1dd5584cd29486941948900b22073b7b29d977223217d26f5c8e8a12d20_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-image-service-rhel9@sha256:d9f2e7956c07d739601ebf49bd88b780bcb7e9bb7ddd10702494b2fe05ad0127_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:1d0ce55a5c5a06f022d5339cfea462a27c28f5cb5b0195dd3e39eb20af066da0_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:37771b30d0ba1cd9a337f0f349915ee97ed75533c8204b82ece864237f156175_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:cb0e2935a6ef3f4b32909c9a7d2d38e7d5e8ddd1e6e85c687e1979c8b9cfeddb_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-agent-rhel9@sha256:ce15aa42006eb617f3b0419a488e64c24ae5c1c3929db38bca0470588c35d507_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7b91b06e9b39fdf9d6c01880ddfccd55a19697bda32560da0ab3c5670e5a6a16_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:7e2b2c82b896d4c950ee54cc2e804c49640478fb749618152de0707354eedb3b_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:a20ab7ce49432e6aac36799b47a6fc7b5a70dd83afee29dec1aa02241ec377fd_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-controller-rhel9@sha256:cc73629265b39d674c8e3f8090f44a2bca712f158afcc7799df55961b7e47b05_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:4a373e416bdc5991b3af91ccb9d2f1e59a35dc9961d22b6275f43997f185e053_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:8381de8617ed14939a3631df259d73bf5afb8e9a04acdd3b35d513832f05d349_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:b0569371f4d6f4c2aef4c0e0c83aecf9fc6446468ceb21f9f0101dc5f424ea79_ppc64le",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-installer-rhel9@sha256:c4305b26a17f98b4123f545aa74b2861d25a525ea7d58e88eab752718ce6e666_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:087bcc5e568383263411d646ecb4668a96e2848ac0bccaa0c968d569cf6a5272_arm64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:2288124d06509b7279752cadc990fe95ecc5ba31b8e7e32e6e314906db4910d1_amd64",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:6aabbf6fa3820a7b452a8139438e35f19c602fde33679332d6fc29d086d132d6_s390x",
"multicluster engine for Kubernetes 2.1:registry.redhat.io/multicluster-engine/assisted-service-9-rhel9@sha256:fe12b1592f1a8110cf0163ee8652ebd37fc01d03f2bae75d24a27028113722e4_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…