This advisory covers Red Hat OpenShift Container Platform 4.12.74, which contains container image updates that fix several security vulnerabilities: CVE-2024-11187 (bind9 CPU exhaustion caused by many records in the additional DNS section), CVE-2024-11218 (podman/buildah container breakout via a race condition when building a malicious Containerfile with --jobs=2), CVE-2024-21626 (runc file descriptor leak), CVE-2024-45338 (non-linear parsing of case-insensitive content in golang.org/x/net/html), and CVE-2024-50302 (kernel HID core zero-initialization of report buffer). The advisory recommends upgrading OpenShift Container Platform 4.12 clusters using the OpenShift CLI or web console once the updated images and packages are available in the appropriate release channels. Detailed upgrade instructions and release notes are provided by Red Hat. The vendor rates the security impact as Important (high severity).

The vulnerabilities fixed in this update can lead to resource exhaustion (CPU), container breakout allowing potential privilege escalation, file descriptor leaks that may affect system stability or security, parsing issues that could be exploited for denial of service or other impacts, and kernel memory initialization flaws that may lead to information disclosure or system instability. These issues affect core components of the OpenShift Container Platform and its underlying container runtime and kernel, posing significant risk if left unpatched.

Red Hat has released updated container images and RPM packages for OpenShift Container Platform 4.12.74 that address these vulnerabilities. Users should upgrade their OpenShift 4.12 clusters to this version as soon as the updates are available in their release channels. Upgrades can be performed using the OpenShift CLI (oc) or the web console following Red Hat's documented procedures. No alternative mitigations or workarounds are specified; applying the official update is the recommended remediation.