This advisory covers security fixes in Red Hat OpenShift Container Platform 4.17.49, which addresses three vulnerabilities: CVE-2025-15467 in OpenSSL that allows remote code execution or denial of service via an oversized Initialization Vector in CMS parsing; CVE-2025-66293 in libpng causing an out-of-bounds read in png_image_read_composite; and CVE-2025-13601 in glib involving an integer overflow in g_escape_uri_string(). The update includes container images and RPM packages for multiple architectures. Users are instructed to upgrade using the OpenShift CLI or web console. The vendor rates the security impact as Important and provides official upgrade documentation and image digests for verification.

The vulnerabilities fixed in this update could allow remote code execution or denial of service (OpenSSL), out-of-bounds memory reads (libpng), and integer overflow issues (glib) within the OpenShift Container Platform environment. These issues could potentially compromise the confidentiality, integrity, or availability of affected systems if exploited. However, there are no known exploits in the wild at the time of this advisory. The update mitigates these risks by providing patched container images and packages.

Red Hat has released updated container images and RPM packages for OpenShift Container Platform 4.17.49 that address these vulnerabilities. Users should upgrade to these updated packages and images as soon as they are available in their release channel. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Official upgrade instructions are available at Red Hat's documentation site. No additional mitigation steps are indicated or required beyond applying the official update.