This advisory covers security fixes for Red Hat OpenShift Container Platform 4.13.55, specifically addressing two vulnerabilities in the Jinja2 templating engine (CVE-2024-56201 and CVE-2024-56326). Both vulnerabilities allow sandbox breakout: one through malicious filenames and the other through indirect references to the format method. These flaws could enable an attacker to bypass sandbox restrictions within Jinja2 templates. Red Hat has released updated RPM packages and container images to remediate these issues. The advisory recommends all users of OpenShift Container Platform 4.13 to upgrade to these updated components as soon as they are available in the appropriate release channels. Instructions for upgrading clusters are provided by Red Hat. The security impact is rated as important, and no CVSS scores are provided in the advisory.

The vulnerabilities allow sandbox breakout in the Jinja2 templating engine used by OpenShift Container Platform, potentially enabling an attacker to execute unauthorized code or commands by bypassing sandbox restrictions. This could compromise the security boundaries within the platform's templating environment. Red Hat rates the security impact as important. There are no known exploits in the wild at the time of this advisory.

Red Hat has released updated RPM packages and container images for OpenShift Container Platform 4.13.55 that fix these vulnerabilities. Users should upgrade to these updated packages and images through the official release channels using the OpenShift CLI (oc) or web console. Detailed upgrade instructions are available at Red Hat's documentation site. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigation steps are indicated by the vendor.