RHSA-2026:5394 - Security Advisory

标题

Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1 (Wallaby) for RHEL 9.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.

The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a RHOSP cloud within OpenShift Container Platform (OCP).

Security Fixes:

• Unexpected session resumption in crypto/tls (CVE-2025-68121)
• Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
• Excessive resource consumption when printing error string for host certificate validation in crypto/x509 (CVE-2025-61729)
• Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

解决方案

The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the 'podman pull' command.

For more information about the images, search the image name in the Red Hat Ecosystem Catalog.

修复

CVE

• CVE-2025-58183
• CVE-2025-61726
• CVE-2025-61729
• CVE-2025-68121

参考

• https://access.redhat.com/security/updates/classification/
• https://catalog.redhat.com/software/containers/search