This advisory covers four security vulnerabilities affecting Red Hat OpenStack Platform 17.1 director Operator container images. The vulnerabilities include CVE-2025-58183, which involves unbounded memory allocation when parsing GNU sparse maps, potentially leading to resource exhaustion. Additional issues include memory exhaustion during query parameter parsing in net/url (CVE-2025-61726), excessive resource consumption when printing error strings for host certificate validation in crypto/x509 (CVE-2025-61729), and unexpected session resumption in crypto/tls (CVE-2025-68121). These vulnerabilities relate to improper resource management and cryptographic session handling within the container images used to deploy RHOSP clouds on OpenShift Container Platform. Red Hat has provided updated container images to remediate these issues.

The vulnerabilities can cause excessive resource consumption or memory exhaustion in affected components, potentially impacting the stability and reliability of the Red Hat OpenStack Platform director Operator container images. Improper session resumption in TLS could affect cryptographic session security. These issues may degrade service availability or cause denial of service conditions under certain circumstances. No evidence of active exploitation has been reported.

Red Hat has released updated container images for the OpenStack Platform 17.1 director Operator that address these vulnerabilities. Users should download and deploy the updated images from the Red Hat container registry using the 'podman pull' command as described in the Red Hat advisory RHSA-2026:5394. Applying these updates is the recommended remediation. Patch status is confirmed by the vendor advisory. No additional mitigations are indicated.