This advisory covers security fixes in Red Hat OpenShift Container Platform 4.18.33, specifically addressing three vulnerabilities: CVE-2025-15467 in OpenSSL, which allows remote code execution or denial of service via an oversized Initialization Vector in CMS parsing; CVE-2025-66293 in libpng, involving an out-of-bounds read in png_image_read_composite; and CVE-2025-13601 in glib, an integer overflow in g_escape_uri_string(). The update includes container images and RPM packages to remediate these issues. The advisory recommends upgrading OpenShift Container Platform 4.18 clusters using the OpenShift CLI or web console following official upgrade instructions.

The vulnerabilities fixed in this update have significant security implications: the OpenSSL flaw (CVE-2025-15467) can lead to remote code execution or denial of service, posing a critical risk to affected systems. The libpng out-of-bounds read (CVE-2025-66293) and the glib integer overflow (CVE-2025-13601) can cause memory corruption or crashes, potentially leading to denial of service or other unintended behavior. These issues affect Red Hat OpenShift Container Platform 4.18 deployments on various architectures, including x86_64, s390x, ppc64le, and aarch64. No known exploits in the wild have been reported at this time.

Red Hat has released updated container images and RPM packages as part of OpenShift Container Platform 4.18.33 to address these vulnerabilities. Users should upgrade their OpenShift 4.18 clusters promptly using the OpenShift CLI (oc) or web console according to the official upgrade documentation at https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html-single/updating_clusters/index#updating-cluster-cli. The vendor manages remediation through these updates; no additional mitigation steps are indicated beyond applying the official patches.