This Red Hat security advisory covers multiple vulnerabilities fixed in OpenShift Container Platform 4.17.2. The issues include Golang-related stack exhaustion vulnerabilities triggered by deeply nested data structures or expressions in encoding/gob, go/parser, and go/build/constraint packages (CVE-2024-34155, CVE-2024-34156, CVE-2024-34158). Another vulnerability involves improper handling of highly compressed data in the jose-go library (CVE-2024-28180). Additionally, OpenStack Ironic lacked checksum validation on images, potentially allowing integrity issues (CVE-2024-47211). The advisory provides updated packages and container images for multiple architectures and instructs users to upgrade their clusters accordingly. No known exploits in the wild are reported at this time.

The vulnerabilities can cause application panics due to stack exhaustion when processing deeply nested data or expressions, potentially leading to denial of service conditions. Improper handling of highly compressed data may allow unexpected behavior or resource exhaustion. The lack of checksum validation on OpenStack Ironic images could lead to acceptance of corrupted or tampered images, impacting system integrity. The overall security impact is rated as important by Red Hat, indicating a high severity but not critical. No active exploitation has been reported.

Red Hat has released OpenShift Container Platform 4.17.2 with fixes for these vulnerabilities. Users should upgrade to this version or later as soon as possible using the official OpenShift update procedures. Updated container images for all supported architectures are available, and instructions for upgrading clusters are provided in the Red Hat documentation. Since this is an on-premise/private cloud product, remediation is managed by the user applying these updates. There are no indications that additional mitigations beyond upgrading are required.