Red Hat Security Advisory: OpenShift Container Platform 4.17.52 packages and security update
Red Hat OpenShift Container Platform 4. 17. 52 includes security updates addressing three vulnerabilities in Golang components: a denial of service via crafted certificates (CVE-2025-61729), unbounded memory allocation when parsing GNU sparse maps in archive/tar (CVE-2025-58183), and unexpected session resumption in crypto/tls (CVE-2025-68121). These issues could lead to resource exhaustion or unexpected behavior in TLS sessions. Red Hat has released updated RPM packages and container images to fix these vulnerabilities. Users of OpenShift Container Platform 4. 17 are advised to upgrade to the updated packages and images via the official release channels and follow Red Hat's documented upgrade procedures.
AI Analysis
Technical Summary
This advisory covers security fixes in Red Hat OpenShift Container Platform 4.17.52 for three Golang-related vulnerabilities: CVE-2025-61729, a denial of service caused by excessive resource consumption via crafted certificates in crypto/x509; CVE-2025-58183, an unbounded memory allocation vulnerability when parsing GNU sparse maps in the archive/tar package; and CVE-2025-68121, an issue in crypto/tls causing unexpected session resumption. These vulnerabilities affect the OpenShift Container Platform's underlying Golang libraries and could impact cluster stability or security. Red Hat has provided updated RPM packages and container images to remediate these issues. The advisory includes instructions for upgrading clusters using the OpenShift CLI or web console.
Potential Impact
The vulnerabilities could allow denial of service through excessive resource consumption or cause unexpected TLS session behavior, potentially impacting the availability and security of OpenShift Container Platform clusters. No known exploits in the wild have been reported. The issues affect on-premise or private cloud deployments of OpenShift Container Platform 4.17. The overall security impact is rated as Important by Red Hat.
Mitigation Recommendations
Red Hat has released updated packages and container images in OpenShift Container Platform 4.17.52 that fix these vulnerabilities. Users should upgrade their clusters to these updated versions as soon as they are available via the official release channels. Upgrades can be performed using the OpenShift CLI (oc) or the web console following Red Hat's documented procedures. No additional mitigations are indicated beyond applying these updates.
Red Hat Security Advisory: OpenShift Container Platform 4.17.52 packages and security update
Description
Red Hat OpenShift Container Platform 4. 17. 52 includes security updates addressing three vulnerabilities in Golang components: a denial of service via crafted certificates (CVE-2025-61729), unbounded memory allocation when parsing GNU sparse maps in archive/tar (CVE-2025-58183), and unexpected session resumption in crypto/tls (CVE-2025-68121). These issues could lead to resource exhaustion or unexpected behavior in TLS sessions. Red Hat has released updated RPM packages and container images to fix these vulnerabilities. Users of OpenShift Container Platform 4. 17 are advised to upgrade to the updated packages and images via the official release channels and follow Red Hat's documented upgrade procedures.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers security fixes in Red Hat OpenShift Container Platform 4.17.52 for three Golang-related vulnerabilities: CVE-2025-61729, a denial of service caused by excessive resource consumption via crafted certificates in crypto/x509; CVE-2025-58183, an unbounded memory allocation vulnerability when parsing GNU sparse maps in the archive/tar package; and CVE-2025-68121, an issue in crypto/tls causing unexpected session resumption. These vulnerabilities affect the OpenShift Container Platform's underlying Golang libraries and could impact cluster stability or security. Red Hat has provided updated RPM packages and container images to remediate these issues. The advisory includes instructions for upgrading clusters using the OpenShift CLI or web console.
Potential Impact
The vulnerabilities could allow denial of service through excessive resource consumption or cause unexpected TLS session behavior, potentially impacting the availability and security of OpenShift Container Platform clusters. No known exploits in the wild have been reported. The issues affect on-premise or private cloud deployments of OpenShift Container Platform 4.17. The overall security impact is rated as Important by Red Hat.
Mitigation Recommendations
Red Hat has released updated packages and container images in OpenShift Container Platform 4.17.52 that fix these vulnerabilities. Users should upgrade their clusters to these updated versions as soon as they are available via the official release channels. Upgrades can be performed using the OpenShift CLI (oc) or the web console following Red Hat's documented procedures. No additional mitigations are indicated beyond applying these updates.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:5866
- Cve Count
- 3
- Additional Cves
- ["CVE-2025-61729","CVE-2025-68121"]
- Cvss Version
- null
Threat ID: 6a160970e29bf47b50637bd7
Added to database: 5/26/2026, 8:58:24 PM
Last enriched: 5/26/2026, 9:50:35 PM
Last updated: 5/27/2026, 4:52:24 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.