This advisory covers security fixes in Red Hat OpenShift Container Platform 4.19.17, addressing six CVEs: CVE-2025-5914 (libarchive double free), CVE-2025-5994 (unbound cache poisoning), CVE-2025-6965 (SQLite integer truncation), CVE-2025-9566 (podman kube play command may overwrite host files), CVE-2025-49794 (libxml heap use after free leading to denial of service), and CVE-2025-49796 (libxml type confusion leading to denial of service). The update includes container image and package fixes for these vulnerabilities. Red Hat OpenShift Container Platform is a Kubernetes-based cloud computing platform for on-premise or private cloud deployments. The advisory recommends upgrading to the fixed release 4.19.17 using the OpenShift CLI or web console. No CVSS scores are provided in the advisory; severity is rated as important by Red Hat.

The vulnerabilities fixed in this update can lead to various impacts including denial of service (libxml use after free and type confusion), potential cache poisoning (unbound), memory corruption (libarchive double free), integer truncation (SQLite), and unauthorized host file overwrite (podman). These issues could affect the stability, integrity, and security of the OpenShift Container Platform environment if exploited. The advisory does not report known exploits in the wild at the time of publication.

Red Hat has released updated container images and packages in OpenShift Container Platform 4.19.17 that address these vulnerabilities. Users should upgrade to this version as soon as it is available in their release channel. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Detailed upgrade instructions are provided in the official Red Hat documentation. Since this is an on-premise/private cloud deployment product, remediation is managed by the user applying these updates. Patch status is confirmed as available via this advisory and related errata.