Anolis OS update for container-tools:an8 module

Published: 2025-07-11

Risk	Medium
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2025-22871 CVE-2025-6032
CWE-ID	CWE-444 CWE-295
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Anolis OS Operating systems & Components / Operating system podman-docker Operating systems & Components / Operating system package or component skopeo-tests Operating systems & Components / Operating system package or component skopeo Operating systems & Components / Operating system package or component podman-tests Operating systems & Components / Operating system package or component podman-remote Operating systems & Components / Operating system package or component podman-plugins Operating systems & Components / Operating system package or component podman-gvproxy Operating systems & Components / Operating system package or component podman-catatonit Operating systems & Components / Operating system package or component podman Operating systems & Components / Operating system package or component containernetworking-plugins Operating systems & Components / Operating system package or component buildah-tests Operating systems & Components / Operating system package or component buildah Operating systems & Components / Operating system package or component runc Operating systems & Components / Operating system package or component python3-podman Operating systems & Components / Operating system package or component containers-common Operating systems & Components / Operating system package or component aardvark-dns Operating systems & Components / Operating system package or component udica Operating systems & Components / Operating system package or component container-selinux Operating systems & Components / Operating system package or component cockpit-podman Operating systems & Components / Operating system package or component toolbox-tests Operating systems & Components / Operating system package or component toolbox Operating systems & Components / Operating system package or component slirp4netns Operating systems & Components / Operating system package or component python3-criu Operating systems & Components / Operating system package or component oci-seccomp-bpf-hook Operating systems & Components / Operating system package or component netavark Operating systems & Components / Operating system package or component libslirp-devel Operating systems & Components / Operating system package or component libslirp Operating systems & Components / Operating system package or component fuse-overlayfs Operating systems & Components / Operating system package or component crun Operating systems & Components / Operating system package or component criu-libs Operating systems & Components / Operating system package or component criu-devel Operating systems & Components / Operating system package or component criu Operating systems & Components / Operating system package or component crit Operating systems & Components / Operating system package or component conmon Operating systems & Components / Operating system package or component
Vendor	OpenAnolis

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU107019

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-22871

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests when handling chunked data in net/http. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

podman-docker: before 4.9.4-22.0.1

skopeo-tests: before 1.14.5-4.0.1

skopeo: before 1.14.5-4.0.1

podman-tests: before 4.9.4-22.0.1

podman-remote: before 4.9.4-22.0.1

podman-plugins: before 4.9.4-22.0.1

podman-gvproxy: before 4.9.4-22.0.1

podman-catatonit: before 4.9.4-22.0.1

podman: before 4.9.4-22.0.1

containernetworking-plugins: before 1.4.0-6.0.1

buildah-tests: before 1.33.12-2

buildah: before 1.33.12-2

runc: before 1.1.12-6.0.1

python3-podman: before 4.9.0-3

containers-common: before 1-82.0.1

aardvark-dns: before 1.10.1-2.0.1

udica: before 0.2.6-21

container-selinux: before 2.229.0-2

cockpit-podman: before 84.1-1

toolbox-tests: before 0.0.99.5-2.0.1

toolbox: before 0.0.99.5-2.0.1

slirp4netns: before 1.2.3-1

python3-criu: before 3.18-5.0.1

oci-seccomp-bpf-hook: before 1.2.10-1

netavark: before 1.10.3-1.0.1

libslirp-devel: before 4.4.0-2

libslirp: before 4.4.0-2

fuse-overlayfs: before 1.13-1.0.1

crun: before 1.14.3-2

criu-libs: before 3.18-5.0.1

criu-devel: before 3.18-5.0.1

criu: before 3.18-5.0.1

crit: before 3.18-5.0.1

conmon: before 2.1.10-1

CPE2.3

External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0411

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Certificate Validation

EUVDB-ID: #VU111945