This advisory covers security fixes in Red Hat OpenShift Container Platform 4.19.27 addressing two vulnerabilities: CVE-2025-58183 involves an unbounded memory allocation during parsing of GNU sparse maps in the golang archive/tar package, classified under CWE-770. CVE-2025-68121 concerns unexpected session resumption behavior in the crypto/tls package. Both vulnerabilities have been assigned a moderate severity level by Red Hat Product Security. The advisory includes updated RPM packages and container images to remediate these issues. Users should upgrade their OpenShift Container Platform 4.19 clusters using the OpenShift CLI or web console following Red Hat's documented procedures. No CVSS scores are provided in the advisory, but the impact is considered moderate.

The vulnerabilities could lead to potential resource exhaustion due to unbounded memory allocation (CVE-2025-58183) and unexpected session resumption behavior (CVE-2025-68121) in cryptographic operations. Red Hat rates the overall security impact as moderate. There are no reports of active exploitation in the wild. The issues affect multiple architectures supported by OpenShift Container Platform 4.19, including x86_64, ppc64le, s390x, and aarch64.

Red Hat has released updated RPM packages and container images for OpenShift Container Platform 4.19.27 that address these vulnerabilities. Users are strongly advised to upgrade to these updated packages and images as soon as they become available in their release channels. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Detailed upgrade instructions are available in Red Hat's official documentation. Since this is an official fix, applying the update fully mitigates the vulnerabilities.