Anolis OS update for container-tools:an8 module



Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2025-22869
CWE-ID CWE-400
Exploitation vector Network
Public exploit N/A
Vulnerable software
 Anolis OS
Operating systems & Components / Operating system

podman-docker
Operating systems & Components / Operating system package or component

runc
Operating systems & Components / Operating system package or component

podman-tests
Operating systems & Components / Operating system package or component

podman-remote
Operating systems & Components / Operating system package or component

podman-plugins
Operating systems & Components / Operating system package or component

podman-gvproxy
Operating systems & Components / Operating system package or component

podman-catatonit
Operating systems & Components / Operating system package or component

podman
Operating systems & Components / Operating system package or component

buildah-tests
Operating systems & Components / Operating system package or component

buildah
Operating systems & Components / Operating system package or component

python3-podman
Operating systems & Components / Operating system package or component

skopeo-tests
Operating systems & Components / Operating system package or component

skopeo
Operating systems & Components / Operating system package or component

containers-common
Operating systems & Components / Operating system package or component

containernetworking-plugins
Operating systems & Components / Operating system package or component

aardvark-dns
Operating systems & Components / Operating system package or component

udica
Operating systems & Components / Operating system package or component

container-selinux
Operating systems & Components / Operating system package or component

cockpit-podman
Operating systems & Components / Operating system package or component

toolbox-tests
Operating systems & Components / Operating system package or component

toolbox
Operating systems & Components / Operating system package or component

slirp4netns
Operating systems & Components / Operating system package or component

python3-criu
Operating systems & Components / Operating system package or component

oci-seccomp-bpf-hook
Operating systems & Components / Operating system package or component

netavark
Operating systems & Components / Operating system package or component

libslirp-devel
Operating systems & Components / Operating system package or component

libslirp
Operating systems & Components / Operating system package or component

fuse-overlayfs
Operating systems & Components / Operating system package or component

crun
Operating systems & Components / Operating system package or component

criu-libs
Operating systems & Components / Operating system package or component

criu-devel
Operating systems & Components / Operating system package or component

criu
Operating systems & Components / Operating system package or component

crit
Operating systems & Components / Operating system package or component

conmon
Operating systems & Components / Operating system package or component

Vendor OpenAnolis

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Resource exhaustion

EUVDB-ID: #VU105459

Risk: Low

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-22869

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the ssh package when handling clients that complete the key exchange slowly, or not at all. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

podman-docker: before 4.9.4-20.0.1

runc: before 1.1.12-6.0.1

podman-tests: before 4.9.4-20.0.1

podman-remote: before 4.9.4-20.0.1

podman-plugins: before 4.9.4-20.0.1

podman-gvproxy: before 4.9.4-20.0.1

podman-catatonit: before 4.9.4-20.0.1

podman: before 4.9.4-20.0.1

buildah-tests: before 1.33.12-1

buildah: before 1.33.12-1

python3-podman: before 4.9.0-3

skopeo-tests: before 1.14.5-3.0.1

skopeo: before 1.14.5-3.0.1

containers-common: before 1-82.0.1

containernetworking-plugins: before 1.4.0-5.0.1

aardvark-dns: before 1.10.1-2.0.1

udica: before 0.2.6-21

container-selinux: before 2.229.0-2

cockpit-podman: before 84.1-1

toolbox-tests: before 0.0.99.5-2.0.1

toolbox: before 0.0.99.5-2.0.1

slirp4netns: before 1.2.3-1

python3-criu: before 3.18-5.0.1

oci-seccomp-bpf-hook: before 1.2.10-1

netavark: before 1.10.3-1.0.1

libslirp-devel: before 4.4.0-2

libslirp: before 4.4.0-2

fuse-overlayfs: before 1.13-1.0.1

crun: before 1.14.3-2

criu-libs: before 3.18-5.0.1

criu-devel: before 3.18-5.0.1

criu: before 3.18-5.0.1

crit: before 3.18-5.0.1

conmon: before 2.1.10-1

CPE2.3 External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0147


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###