This advisory covers security fixes in Red Hat OpenShift Container Platform 4.20.11 for two vulnerabilities: CVE-2025-58068, which involves HTTP request smuggling in the python-eventlet library, and CVE-2025-58183, which involves unbounded memory allocation when parsing GNU sparse maps in the golang archive/tar package. Both vulnerabilities are addressed in updated container images and RPM packages. Red Hat rates the security impact as moderate and recommends upgrading to the fixed versions. The advisory provides links to release notes, upgrade instructions, and image digests for multiple architectures. No CVSS scores are provided in the advisory, but the severity is indicated as medium/moderate.

The vulnerabilities fixed in this update could potentially allow an attacker to exploit HTTP request smuggling (CVE-2025-58068) or cause unbounded memory allocation (CVE-2025-58183) within components of the OpenShift Container Platform. Red Hat Product Security rates the overall security impact as moderate. No known exploits in the wild have been reported at the time of this advisory. The impact is limited to affected versions of OpenShift Container Platform 4.20 prior to 4.20.11.

Red Hat has released updated container images and RPM packages as part of OpenShift Container Platform 4.20.11 that address these vulnerabilities. Users of OpenShift Container Platform 4.20 should upgrade to these updated packages and images as soon as they become available in their release channel. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Detailed upgrade instructions are available in the official Red Hat documentation. There is no indication that additional mitigation steps are required beyond applying the official update.