This advisory covers Red Hat OpenShift Container Platform 4.19.23, which includes fixes for four security vulnerabilities: CVE-2025-15284 (denial of service via improper input validation in qs array parsing), CVE-2025-65637 (denial of service due to large single-line payload in github.com/sirupsen/logrus), CVE-2025-58183 (unbounded allocation when parsing GNU sparse map in golang archive/tar), and CVE-2025-58068 (HTTP request smuggling in python-eventlet). These issues could lead to denial-of-service conditions or request smuggling attacks. The update is distributed as container images and RPM packages. Red Hat classifies the impact as Important and recommends upgrading to the fixed versions available through official release channels.

The vulnerabilities addressed can cause denial-of-service conditions or HTTP request smuggling, potentially disrupting OpenShift Container Platform operations. The advisory does not report any known active exploitation. The impact is rated Important by Red Hat Product Security, indicating a significant but not critical threat level. These issues affect on-premise or private cloud deployments of OpenShift Container Platform 4.19.

Red Hat has released updated container images and RPM packages for OpenShift Container Platform 4.19.23 that fix these vulnerabilities. Users should upgrade their clusters using the OpenShift CLI (oc) or web console as soon as the updates are available in their release channels. Official upgrade instructions are provided by Red Hat at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli. No alternative mitigations or workarounds are indicated in the advisory.