This advisory covers Red Hat OpenShift Container Platform 4.18.6, which fixes a use-after-free vulnerability in libxml2 (CVE-2024-56171) and a denial of service vulnerability in Go JOSE parsing (CVE-2025-27144). The vulnerabilities impact the OpenShift Container Platform deployed on multiple architectures including x86_64, ppc64le, s390x, and aarch64. The update is rated as having an Important security impact by Red Hat Product Security. No CVSS base score is provided in the advisory, but the severity is classified as high. The vendor recommends upgrading to the fixed container images and RPM packages as soon as they are available in the release channels. Instructions for upgrading clusters are documented by Red Hat.

The vulnerabilities fixed in this update include a use-after-free in libxml2, which could lead to memory corruption or crashes, and a denial of service vulnerability in Go JOSE parsing, which could allow an attacker to disrupt service availability. The advisory does not report known exploits in the wild. The impact is rated as Important by Red Hat, indicating these issues could affect the stability and security of OpenShift Container Platform deployments if left unpatched.

Red Hat has released updated container images and RPM packages for OpenShift Container Platform 4.18.6 that address these vulnerabilities. Users should upgrade their clusters using the OpenShift CLI (oc) or web console once the updates are available in their release channels. Detailed upgrade instructions are provided by Red Hat at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli. No additional mitigation steps are indicated or required beyond applying the official updates.