Threats Tagged 'cve-2025-15284'

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Security Fix(es): * lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566) * qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.21.1. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2026:2082 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.21/html/release_notes/ Security Fix(es): * helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service (CVE-2025-55199) * helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability (CVE-2025-55198) * github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637) * python-eventlet: Eventlet HTTP request smuggling (CVE-2025-58068) * qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284) * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.21 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.21/html-single/updating_clusters/index#updating-cluster-cli.

The 1.15.4 release of Red Hat OpenShift Pipelines Operator.

Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.

Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their operating systems, and relevant configuration data stored within them. Discovery also identifies and reports more detailed facts for some versions of key Red Hat packages and products that it finds in the network.

Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.19.23. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHBA-2026:1538 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html/release_notes/ Security Fix(es): * qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284) * github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637) * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) * python-eventlet: Eventlet HTTP request smuggling (CVE-2025-58068) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.19 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.19/html-single/updating_clusters/index#updating-cluster-cli.

See the release notes (link in the references section) for a description of the fixes and enhancements in this particular release.

See the release notes (link in the references section) for a description of the fixes and enhancements in this particular release.

The 1.15.3 release of Red Hat OpenShift Pipelines Operator.