What is the severity of RHSA-2025:3833?

RHSA-2025:3833 has been classified as an important security update affecting the gvisor-tap-vsock component.

How do I fix RHSA-2025:3833?

To remediate RHSA-2025:3833, you should update to gvisor-tap-vsock version 0.8.5-1.el9_5 or later.

Which systems are affected by RHSA-2025:3833?

RHSA-2025:3833 affects Red Hat Enterprise Linux for x86_64, IBM z Systems, ARM 64, and Power architectures.

What is gvisor-tap-vsock in the context of RHSA-2025:3833?

gvisor-tap-vsock is a networking component used by podman-machine virtual machines that provides features like configurable DNS and dynamic port forwarding.

Is there a specific version of gvisor-tap-vsock that addresses RHSA-2025:3833?

Yes, the recommended version to address RHSA-2025:3833 is gvisor-tap-vsock 0.8.5-1.el9_5.

Vulnerability/
RHSA-2025:3833

high

14/4/2025

RHSA-2025:3833: Important: gvisor-tap-vsock security update

First published: Mon Apr 14 2025(Updated: )

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.<br>Security Fix(es):<br><li> golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux Server for IBM z Systems
Red Hat Enterprise Linux for ARM 64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support
redhat/gvisor-tap-vsock	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock-debuginfo	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock-debugsource	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock-debuginfo	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock-debugsource	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock-debuginfo	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock-debugsource	<0.8.5-1.el9_5	0.8.5-1.el9_5
redhat/gvisor-tap-vsock	<0.8.5-1.el9_5.aa	0.8.5-1.el9_5.aa
redhat/gvisor-tap-vsock-debuginfo	<0.8.5-1.el9_5.aa	0.8.5-1.el9_5.aa
redhat/gvisor-tap-vsock-debugsource	<0.8.5-1.el9_5.aa	0.8.5-1.el9_5.aa

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of RHSA-2025:3833?
RHSA-2025:3833 has been classified as an important security update affecting the gvisor-tap-vsock component.
How do I fix RHSA-2025:3833?
To remediate RHSA-2025:3833, you should update to gvisor-tap-vsock version 0.8.5-1.el9_5 or later.
Which systems are affected by RHSA-2025:3833?
RHSA-2025:3833 affects Red Hat Enterprise Linux for x86_64, IBM z Systems, ARM 64, and Power architectures.
What is gvisor-tap-vsock in the context of RHSA-2025:3833?
gvisor-tap-vsock is a networking component used by podman-machine virtual machines that provides features like configurable DNS and dynamic port forwarding.
Is there a specific version of gvisor-tap-vsock that addresses RHSA-2025:3833?
Yes, the recommended version to address RHSA-2025:3833 is gvisor-tap-vsock 0.8.5-1.el9_5.

collector/redhat-errata-latest
source/Red Hat
anchor-id/RHSA-2025:3833
agent/software-canonical-lookup
agent/severity
agent/source
agent/references
agent/last-modified-date
agent/title
agent/remedy
collector/redhat-errata
agent/description
agent/tags
agent/type
agent/first-publish-date
agent/softwarecombine
agent/event
vendor/red hat
canonical/red hat enterprise linux 8
canonical/red hat enterprise linux server for ibm z systems
canonical/red hat enterprise linux for arm 64
canonical/red hat enterprise linux for power, little endian - extended update support
package-manager/redhat