{ "document" : { "aggregate_severity" : { "namespace" : "https://access.redhat.com/security/updates/classification/", "text" : "Important" }, "category" : "csaf_security_advisory", "csaf_version" : "2.0", "distribution" : { "text" : "Copyright © Red Hat, Inc. All rights reserved.", "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "en", "notes" : [ { "category" : "summary", "text" : "An updated OpenShift Security Profiles Operator image that fixes various bugs and adds new\nenhancements is now available for the Red Hat OpenShift Enterprise 4 catalog.", "title" : "Topic" }, { "category" : "general", "text" : "The Security Profiles Operator v0.10.0 is now available.\nSee the documentation for release information:\n\nhttps://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/security-profiles-operator", "title" : "Details" }, { "category" : "legal_disclaimer", "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title" : "Terms of Use" } ], "publisher" : { "category" : "vendor", "contact_details" : "https://access.redhat.com/security/team/contact/", "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name" : "Red Hat Product Security", "namespace" : "https://www.redhat.com" }, "references" : [ { "category" : "self", "summary" : "https://access.redhat.com/errata/RHSA-2026:2852", "url" : "https://access.redhat.com/errata/RHSA-2026:2852" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2025-66506", "url" : "https://access.redhat.com/security/cve/CVE-2025-66506" }, { "category" : "external", "summary" : "https://access.redhat.com/security/cve/CVE-2025-66564", "url" : "https://access.redhat.com/security/cve/CVE-2025-66564" }, { "category" : "external", "summary" : "https://access.redhat.com/security/updates/classification/", "url" : "https://access.redhat.com/security/updates/classification/" }, { "category" : "self", "summary" : "Canonical URL", "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_2852.json" } ], "title" : "Red Hat Security Advisory: OpenShift Security Profiles Operator bug fix and enhancement update", "tracking" : { "current_release_date" : "2026-04-06T04:57:32+00:00", "generator" : { "date" : "2026-04-06T04:57:32+00:00", "engine" : { "name" : "Red Hat SDEngine", "version" : "4.7.4" } }, "id" : "RHSA-2026:2852", "initial_release_date" : "2026-02-17T23:04:21+00:00", "revision_history" : [ { "date" : "2026-02-17T23:04:21+00:00", "number" : "1", "summary" : "Initial version" }, { "date" : "2026-02-17T23:04:23+00:00", "number" : "2", "summary" : "Last updated version" }, { "date" : "2026-04-06T04:57:32+00:00", "number" : "3", "summary" : "Last generated version" } ], "status" : "final", "version" : "3" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "OpenShift Security Profiles Operator 1", "product" : { "name" : "OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1", "product_identification_helper" : { "cpe" : "cpe:/a:redhat:openshift_security_profiles_operator:1::el9" } } } ], "category" : "product_family", "name" : "OpenShift Security Profiles Operator" }, { "branches" : [ { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "product" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "product_id" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "product_identification_helper" : { "purl" : "pkg:oci/openshift-selinuxd-rhel10@sha256%3A1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039?arch=amd64&repository_url=registry.redhat.io/compliance&tag=1771365824" } } }, { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "product" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "product_id" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "product_identification_helper" : { "purl" : "pkg:oci/openshift-selinuxd-rhel8@sha256%3A7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0?arch=amd64&repository_url=registry.redhat.io/compliance&tag=1771365778" } } }, { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64", "product" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64", "product_id" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64", "product_identification_helper" : { "purl" : "pkg:oci/openshift-selinuxd-rhel9@sha256%3Af7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8?arch=amd64&repository_url=registry.redhat.io/compliance&tag=1771365810" } } }, { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "product" : { "name" : "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "product_id" : "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "product_identification_helper" : { "purl" : "pkg:oci/openshift-security-profiles-operator-bundle@sha256%3A4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7?arch=amd64&repository_url=registry.redhat.io/compliance&tag=1771367226" } } }, { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64", "product" : { "name" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64", "product_id" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64", "product_identification_helper" : { "purl" : "pkg:oci/openshift-security-profiles-rhel8-operator@sha256%3Ae599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54?arch=amd64&repository_url=registry.redhat.io/compliance&tag=1770869850" } } } ], "category" : "architecture", "name" : "amd64" }, { "branches" : [ { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "product" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "product_id" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "product_identification_helper" : { "purl" : "pkg:oci/openshift-selinuxd-rhel10@sha256%3A659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8?arch=ppc64le&repository_url=registry.redhat.io/compliance&tag=1771365824" } } }, { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "product" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "product_id" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "product_identification_helper" : { "purl" : "pkg:oci/openshift-selinuxd-rhel8@sha256%3A8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e?arch=ppc64le&repository_url=registry.redhat.io/compliance&tag=1771365778" } } }, { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "product" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "product_id" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "product_identification_helper" : { "purl" : "pkg:oci/openshift-selinuxd-rhel9@sha256%3A2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9?arch=ppc64le&repository_url=registry.redhat.io/compliance&tag=1771365810" } } }, { "category" : "product_version", "name" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "product" : { "name" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "product_id" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "product_identification_helper" : { "purl" : "pkg:oci/openshift-security-profiles-rhel8-operator@sha256%3A66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297?arch=ppc64le&repository_url=registry.redhat.io/compliance&tag=1770869850" } } } ], "category" : "architecture", "name" : "ppc64le" } ], "category" : "vendor", "name" : "Red Hat" } ], "relationships" : [ { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64 as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64" }, "product_reference" : "registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" }, { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le" }, "product_reference" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" }, { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64 as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64" }, "product_reference" : "registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" }, { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64 as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64" }, "product_reference" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" }, { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le" }, "product_reference" : "registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" }, { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64 as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64" }, "product_reference" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" }, { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le" }, "product_reference" : "registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" }, { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le" }, "product_reference" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" }, { "category" : "default_component_of", "full_product_name" : { "name" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64 as a component of OpenShift Security Profiles Operator 1", "product_id" : "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64" }, "product_reference" : "registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64", "relates_to_product_reference" : "OpenShift Security Profiles Operator 1" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2025-66506", "cwe" : { "id" : "CWE-405", "name" : "Asymmetric Resource Consumption (Amplification)" }, "discovery_date" : "2025-12-04T23:01:20.507333+00:00", "flags" : [ { "label" : "vulnerable_code_not_present", "product_ids" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64" ] } ], "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2419056" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64" ], "known_not_affected" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2025-66506" }, { "category" : "external", "summary" : "RHBZ#2419056", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419056" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2025-66506", "url" : "https://www.cve.org/CVERecord?id=CVE-2025-66506" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2025-66506", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2025-66506" }, { "category" : "external", "summary" : "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a", "url" : "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a" }, { "category" : "external", "summary" : "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw", "url" : "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw" } ], "release_date" : "2025-12-04T22:04:41.637000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-02-17T23:04:21+00:00", "details" : "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html", "product_ids" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:2852" } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64" ] } ], "threats" : [ { "category" : "impact", "details" : "Important" } ], "title" : "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token" }, { "cve" : "CVE-2025-66564", "cwe" : { "id" : "CWE-405", "name" : "Asymmetric Resource Consumption (Amplification)" }, "discovery_date" : "2025-12-04T23:01:11.786030+00:00", "flags" : [ { "label" : "vulnerable_code_not_present", "product_ids" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64" ] } ], "ids" : [ { "system_name" : "Red Hat Bugzilla ID", "text" : "2419054" } ], "notes" : [ { "category" : "description", "text" : "A flaw was found in Sigstore Timestamp Authority. This vulnerability allows a denial of service via excessive memory allocation when processing a specially crafted Object Identifier or Content-Type header.", "title" : "Vulnerability description" }, { "category" : "summary", "text" : "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing", "title" : "Vulnerability summary" }, { "category" : "other", "text" : "This vulnerability is rated Important for Red Hat products. The Sigstore Timestamp Authority, a service for issuing RFC 3161 timestamps, is prone to excessive memory allocation. This occurs when processing untrusted OID payloads with many period characters or malformed Content-Type headers. An unauthenticated attacker could exploit this flaw to trigger a denial of service in affected Red Hat products that utilize this component.", "title" : "Statement" }, { "category" : "general", "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title" : "CVSS score applicability" } ], "product_status" : { "fixed" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64" ], "known_not_affected" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64" ] }, "references" : [ { "category" : "self", "summary" : "Canonical URL", "url" : "https://access.redhat.com/security/cve/CVE-2025-66564" }, { "category" : "external", "summary" : "RHBZ#2419054", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2419054" }, { "category" : "external", "summary" : "https://www.cve.org/CVERecord?id=CVE-2025-66564", "url" : "https://www.cve.org/CVERecord?id=CVE-2025-66564" }, { "category" : "external", "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2025-66564", "url" : "https://nvd.nist.gov/vuln/detail/CVE-2025-66564" }, { "category" : "external", "summary" : "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421", "url" : "https://github.com/sigstore/timestamp-authority/commit/0cae34e197d685a14904e0bad135b89d13b69421" }, { "category" : "external", "summary" : "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh", "url" : "https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh" } ], "release_date" : "2025-12-04T22:37:13.307000+00:00", "remediations" : [ { "category" : "vendor_fix", "date" : "2026-02-17T23:04:21+00:00", "details" : "Before applying this update, make sure all previously released errata relevant to your\nsystem have been applied. For details on how to apply this update, refer to:\n \nhttps://docs.openshift.com/container-platform/latest/updating/updating_a_cluster/updating-cluster-cli.html", "product_ids" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64" ], "restart_required" : { "category" : "none" }, "url" : "https://access.redhat.com/errata/RHSA-2026:2852" } ], "scores" : [ { "cvss_v3" : { "attackComplexity" : "LOW", "attackVector" : "NETWORK", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "privilegesRequired" : "NONE", "scope" : "UNCHANGED", "userInteraction" : "NONE", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version" : "3.1" }, "products" : [ "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-operator-bundle@sha256:4604d631307390e44fea4729d87470a32f294f380b4c7c9448a8e1a82ccec5b7_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:66c78e05a610eb31b8a350502b778305e53da9576ae124a3eb7ab3cc29595297_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-security-profiles-rhel8-operator@sha256:e599c020744224294ed24d028ad1c5f4cca1192d9d487517286a6b7591d80f54_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:1484157970f2cc4470dfec565fb5f81137402bdcd52d63cd40be4b0e9c8ce039_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel10@sha256:659e7bfe28f0dad419b9559be5a3b9f00ed6871ca3425ae5f1abc478ed7072c8_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:7143fa2fba9fb559ef13143cebfa69dbd7cb1f94284a640e5cbdb700e6cf6de0_amd64", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel8@sha256:8baa5bd3ecbbb1708d1270f7f30b707dd381e72b9a4fef554044039d6404771e_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:2b2e1b736ad8d69e15ede3f38de2637c695d0819e66d4c9c9df0aa3ebeee9df9_ppc64le", "OpenShift Security Profiles Operator 1:registry.redhat.io/compliance/openshift-selinuxd-rhel9@sha256:f7795017bcbace2e5e86ab1e7906d60ddd06c1b7fdd4ce7891eade3d993ec7b8_amd64" ] } ], "threats" : [ { "category" : "impact", "details" : "Important" } ], "title" : "github.com/sigstore/timestamp-authority: Sigstore Timestamp Authority: Denial of Service via excessive OID or Content-Type header parsing" } ] }