This advisory covers security fixes in Red Hat OpenShift Container Platform 4.18.11, specifically addressing three vulnerabilities: CVE-2024-8676 in cri-o that permits checkpoint restore operations from different namespaces, potentially leading to unauthorized actions; CVE-2025-27144 in go-jose that introduces a denial of service risk via parsing; and CVE-2025-30204 in golang-jwt/jwt allowing excessive memory allocation during JWT header parsing. The update includes container image and package fixes. Red Hat rates the security impact as Important and recommends upgrading to these updated components. Detailed upgrade instructions and image digests are provided by Red Hat. No CVSS scores are provided in the advisory, but severity is assessed as high based on the impact descriptions.

The vulnerabilities fixed in this update could allow denial of service conditions and unauthorized checkpoint restore operations across namespaces in OpenShift Container Platform 4.18. These issues may affect cluster stability and security by permitting excessive resource consumption or unauthorized actions within container orchestration. The advisory does not report known exploits in the wild. The overall security impact is rated as Important by Red Hat, indicating a significant risk if unpatched.

Red Hat has released updated container images and packages as part of OpenShift Container Platform 4.18.11 that address these vulnerabilities. Users should upgrade their clusters using the OpenShift CLI (oc) or web console as soon as these updates are available in their release channels. Detailed upgrade instructions are provided by Red Hat at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli. No alternative mitigations or workarounds are indicated; applying the official update is the recommended remediation.