This advisory covers Red Hat OpenShift Container Platform 4.17.26, which includes container image updates that fix several security vulnerabilities. The key fixes address: (1) a denial of service vulnerability in the key exchange mechanism of golang.org/x/crypto/ssh (CVE-2025-22869), (2) a vulnerability in golang-jwt/jwt allowing excessive memory allocation during JWT header parsing (CVE-2025-30204), and (3) a kernel-level out-of-bounds read in the ALSA USB audio driver when finding clock sources (CVE-2024-53150). Red Hat rates the security impact as Important and advises users to upgrade to the updated packages and images via the OpenShift CLI or web console. Detailed upgrade instructions and image digests for multiple architectures are provided. The advisory does not include a CVSS score but classifies the severity as high.

The vulnerabilities fixed in this update could allow denial of service conditions and memory exhaustion, potentially impacting the stability and security of OpenShift Container Platform deployments. The kernel vulnerability could lead to out-of-bounds memory reads, which may cause system instability or crashes. No known active exploits have been reported. The issues affect multiple architectures and OpenShift 4.17 deployments on RHEL 8 and 9. The overall impact is rated as high by the vendor.

Red Hat has released updated container images and RPM packages as part of OpenShift Container Platform 4.17.26 that address these vulnerabilities. All users of OpenShift Container Platform 4.17 are strongly advised to upgrade to these updated packages and images as soon as they are available in their release channels. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Detailed upgrade instructions are available in the official Red Hat documentation. Since this is an official fix, applying the update fully mitigates the vulnerabilities. No additional mitigations are indicated by the vendor.