Threats Tagged 'cve-2025-58068'

Red Hat OpenShift Container Platform 4. 21. 1 includes multiple security fixes addressing vulnerabilities such as denial of service, HTTP request smuggling, and unbounded memory allocation in various components including Helm, logrus, eventlet, qs, and golang archive/tar. These issues could impact cluster stability and security if exploited. Red Hat has released updated container images and advises all users of OpenShift Container Platform 4. 21 to upgrade to these versions. Detailed upgrade instructions are provided by Red Hat to ensure full remediation of these vulnerabilities.

Red Hat OpenShift Container Platform 4. 20. 11 includes security updates addressing two vulnerabilities: CVE-2025-58068, an HTTP request smuggling issue in python-eventlet, and CVE-2025-58183, an unbounded allocation vulnerability in golang's archive/tar when parsing GNU sparse maps. These vulnerabilities have been rated with moderate security impact by Red Hat Product Security. The update is available as container images and RPM packages, and users of OpenShift Container Platform 4. 20 are advised to upgrade to these updated versions via the appropriate release channels using the OpenShift CLI or web console.

Red Hat OpenShift Container Platform 4. 19. 23 includes important security updates addressing multiple denial-of-service vulnerabilities and an HTTP request smuggling issue. The vulnerabilities affect components such as qs (array parsing), logrus (large payload handling), golang archive/tar (unbounded allocation), and python-eventlet (HTTP request smuggling). Red Hat has released updated container images and advises all users of OpenShift Container Platform 4. 19 to upgrade to these versions. The advisory rates the security impact as Important and provides official upgrade instructions. No known exploits in the wild have been reported at this time.