This advisory covers security fixes in Red Hat OpenShift Container Platform 4.14.50 for three vulnerabilities: a use-after-free in libxml2 (CVE-2024-56171), a stack-based buffer overflow in libxml2's xmlSnprintfElements function (CVE-2025-24928), and an excessive memory allocation vulnerability in golang-jwt/jwt during JWT header parsing (CVE-2025-30204). These issues affect the container images and packages distributed with OpenShift 4.14. The update is rated as important by Red Hat and addresses these vulnerabilities by providing patched container images and packages. Users should upgrade their clusters using the OpenShift CLI or web console following Red Hat's documented procedures.

The vulnerabilities fixed in this update could allow attackers to cause memory corruption (use-after-free and buffer overflow) or trigger excessive memory allocation, potentially leading to denial of service or other impacts depending on the affected component's usage. Red Hat rates the security impact as important (high severity). No known exploits in the wild have been reported, but the vulnerabilities affect critical libraries used within OpenShift Container Platform 4.14 deployments.

Red Hat has released updated container images and packages for OpenShift Container Platform 4.14.50 that address these vulnerabilities. Users should upgrade to these updated versions as soon as they are available in the appropriate release channels. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Detailed upgrade instructions and image digests are provided by Red Hat in their advisory and documentation. There is no indication that additional mitigations are required beyond applying these official updates.