Threats Tagged 'cve-2025-61728'

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.20.16. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2026:3855 Security Fix(es): * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.20 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.20/html-single/updating_clusters/index#updating-cluster-cli.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.15.62. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2026:4423 Security Fix(es): * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) * github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.15 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.15/html-single/updating_clusters/index#updating-cluster-cli.

Releases of Red Hat OpenShift Builds 1.7.1

Red Hat OpenShift Data Foundation 4.19.19 security, enhancement & bug fix update FIXED BUGS: ========== DFBUGS-7063: RHODF 4.19.19 release DFBUGS-7062: [Backport to 4.19.z] ODF Console is breaking DFBUGS-7047: [Backport to odf-4.19.z] Update nodejs from v22.11.0 to v24.13.0 DFBUGS-7017: [Critical] Upgrade ceph version to RHCEPH-8.1z6 at ODF-4.19.18 DFBUGS-6845: Backport to odf-4.19.z intermittent S3 upload failures (HTTP 500 / InternalError) when uploading files to NooBaa buckets via JFrog Artifactory DFBUGS-6742: Backport to odf-4.19.z ODF 4.16.21- noobaa-endpoint crashes with Exit Code 1 due to unhandled AbortError from @azure/storage-blob DFBUGS-6488: [Backport to odf-4.19.z] rook-ceph-exporter log causes huge ODF must-gather DFBUGS-6461: Backport to odf-4.19.z [RDR] Partial s3StoreProfile missing in ramen-hub-operator-config after upgrading hub from ODF 4.17 to 4.18 DFBUGS-6317: [Backport to 4.19.z] rook-ceph-mon-endpoints is overriden in external deployments DFBUGS-6177: Backport to odf-4.19.z Noobaa POD keeps Failing when Clusterwide encryption is enabled with IBM KeyProtect on ROKS Cluster DFBUGS-5903: [Backport to odf-4.19.z] Ceph PVC's not provisioning or mounting after ODF v4.20 upgrade

Red Hat OpenShift Service Mesh 3.1.5, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Fixes/Improvements: * Updated to Istio version 1.26.8 * OCSP Memory Leak Check BSSL-Compatability Security Fix(es): * istio-rhel9-operator: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729) * istio-pilot-rhel9: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729) * istio-cni-rhel9: Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729) * istio-cni-rhel9: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

Openshift Mirror Registry v2.0.11

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.88. See the following advisory for the RPM packages for this release: https://access.redhat.com/errata/RHSA-2026:12273 Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes: https://docs.redhat.com/en/documentation/openshift_container_platform/4.12/html/release_notes

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.18.42. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHSA-2026:17448 Security Fix(es): * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) * pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID (CVE-2026-23490) * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728) * crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.18 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli.

The golang packages provide the Go programming language compiler. Security Fix(es): * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728) * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * cmd/cgo: Potential code smuggling via doc comments in cmd/cgo (CVE-2025-61732) * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. Security Fix(es): * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.