This advisory covers Red Hat OpenShift Container Platform 4.16.44, which addresses three security vulnerabilities: CVE-2025-22868 involves unexpected memory consumption during token parsing in the golang.org/x/oauth2/jws package; CVE-2025-32462 is a local privilege escalation vulnerability via the sudo host option; and CVE-2025-22871 is an HTTP request smuggling vulnerability caused by acceptance of invalid chunked data in the net/http package. The update includes container image fixes and corresponding RPM package updates (detailed in a separate advisory). Red Hat classifies the security impact as Important and recommends all users upgrade their clusters using the OpenShift CLI or web console. The advisory provides image digests for multiple architectures and links to official documentation for upgrade procedures.

The vulnerabilities fixed in this update could lead to increased memory consumption during token parsing, local privilege escalation on affected systems, and HTTP request smuggling attacks. These issues may allow attackers to disrupt service or escalate privileges within the OpenShift Container Platform environment. However, no known exploits in the wild have been reported. The overall security impact is rated as Important by Red Hat Product Security.

Red Hat has released updated container images and RPM packages as part of OpenShift Container Platform 4.16.44 to address these vulnerabilities. Users should upgrade to these updated packages and images as soon as they are available in the appropriate release channel. Upgrades can be performed using the OpenShift CLI (oc) or the web console. Detailed upgrade instructions are available in the official Red Hat documentation. Since this is an official fix, applying the update fully mitigates the vulnerabilities. There is no indication that additional mitigations are required beyond applying the update.