This advisory covers security updates in Red Hat OpenShift Container Platform 4.20.0 addressing six vulnerabilities: CVE-2025-5914 (libarchive double free), CVE-2025-5994 (unbound cache poisoning), CVE-2025-6032 (podman missing TLS verification), CVE-2025-6965 (SQLite integer truncation), CVE-2025-49794 (libxml heap use after free causing DoS), and CVE-2025-49796 (libxml type confusion causing DoS). These vulnerabilities affect various components used within the platform and have been rated as Important by Red Hat. The advisory includes updated container images and references RPM package updates in a related errata. Users should upgrade their OpenShift clusters using the provided tools and documentation to apply these fixes.

The vulnerabilities fixed in this update include memory corruption (double free), cache poisoning, missing TLS verification, integer truncation, and denial of service conditions. These issues could potentially lead to application crashes, denial of service, or security bypasses within the affected components of the OpenShift Container Platform. However, no known exploits in the wild have been reported. The overall security impact is rated as Important by Red Hat Product Security.

Red Hat has released updated container images and RPM packages for OpenShift Container Platform 4.20.0 that address these vulnerabilities. Users are strongly advised to upgrade to these updated packages and images via the OpenShift CLI (oc) or web console as soon as they are available in their release channel. Detailed upgrade instructions are provided in Red Hat's official documentation. Since this is an official security update, applying the vendor-provided fixes is the recommended mitigation. Patch status is confirmed by the vendor advisory.