This advisory covers security fixes in Red Hat OpenShift Container Platform 4.16.42, which addresses four CVEs: CVE-2024-6538 (SSRF vulnerability in the OpenShift Console), CVE-2024-45338 (non-linear parsing issue in golang.org/x/net/html), CVE-2025-22868 (unexpected memory consumption during token parsing in golang.org/x/oauth2/jws), and CVE-2025-30204 (excessive memory allocation during header parsing in golang-jwt/jwt). These vulnerabilities affect the container images and related packages in OpenShift Container Platform 4.16. The update is rated as important by Red Hat and users should upgrade using the OpenShift CLI or web console. Detailed upgrade instructions and image digests are provided by Red Hat. The advisory does not provide CVSS scores but references CVE pages for further information.

The vulnerabilities fixed in this update include a Server-Side Request Forgery (SSRF) vulnerability in the OpenShift Console, which could allow an attacker to induce the server to make unintended requests. Additionally, memory consumption issues in Go libraries could lead to excessive resource usage, potentially impacting service stability or availability. The overall security impact is rated as important (high severity) by Red Hat Product Security. There are no known exploits in the wild at the time of this advisory.

Red Hat has released updated container images and packages as part of OpenShift Container Platform 4.16.42 that address these vulnerabilities. Users should upgrade to these updated packages and images as soon as they are available in their release channel. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Detailed upgrade instructions are available in the official Red Hat documentation. Since this is an on-premise/private cloud deployment product, remediation is managed by the user applying the update. Patch status is confirmed by the vendor advisory.