[ALSA-2026:37123] Important: podman security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2026-07-13
Description:
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate (CVE-2026-39835) * golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters (CVE-2026-39829) * golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions (CVE-2026-39832) * golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey (CVE-2026-42508) * golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass (CVE-2026-27136) * golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting (CVE-2026-25681) * podman: Podman: Information disclosure via malicious container image environment variables (CVE-2026-57231) Bug Fix(es) and Enhancement(s): * podman does not clean up all files and leaves orphaned files consuming disk space [almalinux-9.8.z] (JIRA:AlmaLinux-173988) * [FJ9.8 Bug]: [REG]The "podman-remote save" command fails for rootless users. [almalinux-9.8.z] (JIRA:AlmaLinux-192439) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 podman-tests-5.8.2-4.el9_8.aarch64.rpm 6842444600cfeca9057045a9c8f88507a300096821d72f489d4125bd5efc927c
aarch64 podman-remote-5.8.2-4.el9_8.aarch64.rpm 6ea0c05046f8ffb2f04f88ba9df1b3ece9a6cb69143e547a8c9b6b5c21b5b4c1
aarch64 podman-5.8.2-4.el9_8.aarch64.rpm a0ee8ccb90d7e984dc94a4b3c68dff9ab5251af0c7b27fb3f0f505c2987cf4ad
aarch64 podman-plugins-5.8.2-4.el9_8.aarch64.rpm f618db8197ec9b81bd9970c90e3742c4634066f71ee9f3fa5f3e19838cb69291
noarch podman-docker-5.8.2-4.el9_8.noarch.rpm c8fc0fc3eb88364d645aca2cfaadcbcbc1af1a30567728916ae77481d5b25e34
ppc64le podman-plugins-5.8.2-4.el9_8.ppc64le.rpm 00bd943c70cae251929b3563ad634ab904f362458d8cc9fa865a27abf34d6379
ppc64le podman-remote-5.8.2-4.el9_8.ppc64le.rpm 0f208ae7a3e941e826b0e63f19bd9714de122a5a0087fefacccd7ba85148e070
ppc64le podman-tests-5.8.2-4.el9_8.ppc64le.rpm 345e63f3b69cd024eff53bc0f7c36602f81c88bb6a1303c526491dd241c04abd
ppc64le podman-5.8.2-4.el9_8.ppc64le.rpm 584f6b908cc7e7764a40b1471ae849afb256cde6deeff31486dfe055e38c3d2c
s390x podman-tests-5.8.2-4.el9_8.s390x.rpm 0d68fc24b5b07dad79e1e7613075d5a60eb695b5ddc9ae6dd5dcb9fc4daa7646
s390x podman-remote-5.8.2-4.el9_8.s390x.rpm 522eb88fcadd2601962c29e00fa5140a724d467ef8abacbbafba1f0e75caebc9
s390x podman-plugins-5.8.2-4.el9_8.s390x.rpm 676057b698495edebceecaa0d54c2fccccd01d8e7493306411cb9ea847f6dc54
s390x podman-5.8.2-4.el9_8.s390x.rpm 844eac96e15c1bf2d915c5bb331b049231a6dcdec7d28c0287ad97ad5ba226bd
x86_64 podman-5.8.2-4.el9_8.x86_64.rpm 302afaae502eb927cb41faf9db99d0b7d7abfc7f52a4773eeda7c49f378d383e
x86_64 podman-plugins-5.8.2-4.el9_8.x86_64.rpm 92b5512dc4cd7cb174676edbcdf62289cde0aa5c3cad50d1ab843a06a2a83fc5
x86_64 podman-tests-5.8.2-4.el9_8.x86_64.rpm 9690cf8817a8ae6303e7d492d1bc8dffd8c24e1410e9dd59219758eade17fbab
x86_64 podman-remote-5.8.2-4.el9_8.x86_64.rpm cf3650ffb617fe230c1cf4e51606f73c8039ffdb608d31d0d85e4f58987a1bcb
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.