A security update for gvisor-tap-vsock has been released for AlmaLinux 9, addressing a crucial issue with the golang.org/x/crypto/ssh library that could lead to a denial of service during the key exchange process. This update, identified as ALSA-2025:3833, is classified as important and was made available on April 15, 2025.
The gvisor-tap-vsock serves as a replacement for libslirp and VPNKit, utilizing a pure Go implementation that leverages the gVisor network stack to facilitate networking for podman-machine virtual machines. Notably, compared to its predecessor libslirp, gvisor-tap-vsock offers enhanced features such as a configurable DNS server and dynamic port forwarding, improving network management in virtualized environments.
The specific security vulnerability addressed in this update is tracked under CVE-2025-22869, which details the potential denial of service issue. For further insights, including the severity of the impact and a CVSS score, users are encouraged to visit the CVE page linked in the update announcement.
For additional information on the update, including updated packages and related resources, users can refer to the AlmaLinux errata page provided in the notification.
This communication is automated, and recipients are advised not to reply directly. For any inquiries, the AlmaLinux community chat is available, and users can manage their notification settings through the AlmaLinux mailing list portal.
In summary, the gvisor-tap-vsock update for AlmaLinux 9 is a vital security measure that addresses significant vulnerabilities in the SSH key exchange process, ensuring enhanced protection for users operating virtual machines
The gvisor-tap-vsock serves as a replacement for libslirp and VPNKit, utilizing a pure Go implementation that leverages the gVisor network stack to facilitate networking for podman-machine virtual machines. Notably, compared to its predecessor libslirp, gvisor-tap-vsock offers enhanced features such as a configurable DNS server and dynamic port forwarding, improving network management in virtualized environments.
The specific security vulnerability addressed in this update is tracked under CVE-2025-22869, which details the potential denial of service issue. For further insights, including the severity of the impact and a CVSS score, users are encouraged to visit the CVE page linked in the update announcement.
For additional information on the update, including updated packages and related resources, users can refer to the AlmaLinux errata page provided in the notification.
This communication is automated, and recipients are advised not to reply directly. For any inquiries, the AlmaLinux community chat is available, and users can manage their notification settings through the AlmaLinux mailing list portal.
In summary, the gvisor-tap-vsock update for AlmaLinux 9 is a vital security measure that addresses significant vulnerabilities in the SSH key exchange process, ensuring enhanced protection for users operating virtual machines
Gvisor-tap-vsock update for AlmaLinux 9
A gvisor-tap-vsock security update has been released for AlmaLinux 9 to address any issue with golang.org/x/crypto/ssh, addressing a denial of service in the key exchange:
ALSA-2025:3833: gvisor-tap-vsock security update (Important)
