Threats Tagged 'cve-2025-27144'
View all threats tagged with 'cve-2025-27144'. Filter and sort to focus on specific types of threats.
Red Hat Security Advisory: OpenShift Container Platform 4.18.6 bug fix and security update | CVE-2024-56171 | 0
Red Hat OpenShift Container Platform 4.18.6 includes security updates addressing two vulnerabilities: a use-after-free flaw in libxml2 (CVE-2024-56171) and a denial of service vulnerability in Go JOSE parsing (CVE-2025-27144). These issues affect on-premise or private cloud deployments of OpenShift Container Platform 4.18. Users are advised to upgrade to the updated container images and packages available through the appropriate release channels. Detailed upgrade instructions are provided by Red Hat. The update also includes various bug fixes and enhancements unrelated to security.
GCVE Database | 03/25/2025, 06:59:06 UTC | Added: 05/26/2026, 20:58:50 UTC
Red Hat Security Advisory: OpenShift Container Platform 4.17.22 bug fix and security update | CVE-2024-56171 | 0
Red Hat OpenShift Container Platform 4.17.22 includes important security updates addressing two vulnerabilities: a use-after-free in libxml2 (CVE-2024-56171) and a denial of service parsing issue in go-jose (CVE-2025-27144). These issues affect the container images and RPM packages of OpenShift Container Platform 4.17. Users are advised to upgrade to the updated packages and images via the appropriate release channels using the OpenShift CLI or web console. The vendor rates the security impact as important and provides detailed upgrade instructions. No known exploits in the wild have been reported at this time.
GCVE Database | 03/26/2025, 21:49:54 UTC | Added: 05/26/2026, 20:58:50 UTC
Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.1.4 | CVE-2024-45336 | 0
This advisory addresses multiple vulnerabilities in the Logging subsystem for Red Hat OpenShift version 6.1.4. The issues include non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338), sensitive HTTP headers being incorrectly sent after cross-domain redirects (CVE-2024-45336), and a denial of service vulnerability in Go JOSE's parsing (CVE-2025-27144). These vulnerabilities affect various containers within the logging stack such as logging-loki, cluster-logging-operator, lokistack-gateway, and opa-openshift. The vulnerabilities have been assigned a high severity level by Red Hat. Red Hat has released updated images and provides upgrade instructions to remediate these issues.
GCVE Database | 03/26/2025, 17:39:24 UTC | Added: 05/26/2026, 20:58:49 UTC
Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.0.6 | CVE-2024-45338 | 0
This advisory addresses two vulnerabilities in the logging components of Red Hat OpenShift 6.0.6. The first vulnerability (CVE-2025-27144) affects the lokistack-gateway-container's use of Go JOSE parsing, which is vulnerable to denial of service. The second vulnerability (CVE-2024-45338) involves non-linear parsing of case-insensitive content in the golang.org/x/net/html package used by the logging-loki-container. Both issues are categorized under CWE-770, indicating a risk of resource exhaustion or denial of service. Red Hat has issued an important security advisory with updated images and instructions for upgrading to mitigate these vulnerabilities. No known exploits in the wild have been reported. Patch status is confirmed as fixed by Red Hat with updated container images and upgrade instructions provided in the vendor advisory.
GCVE Database | 03/26/2025, 17:34:00 UTC | Added: 05/26/2026, 20:58:49 UTC
Red Hat Security Advisory: OpenShift Container Platform 4.16.38 bug fix and security update | CVE-2024-9675 | 0
Red Hat OpenShift Container Platform 4.16.38 includes multiple security fixes addressing vulnerabilities in components such as Buildah, kernel ALSA usb-audio, libxml2, grub2, Podman, Moby, kernel HID core, and Go JOSE. These fixes resolve issues including arbitrary directory mounts, out-of-bounds accesses and writes, use-after-free, stack-based buffer overflow, symlink traversal leading to denial of service, null pointer dereference, and denial of service parsing vulnerabilities. Users of OpenShift Container Platform 4.16 are advised to upgrade to the updated packages and container images via the appropriate release channels using the OpenShift CLI or web console. The vendor rates this update as having an important security impact and provides official fixes for these vulnerabilities.
GCVE Database | 04/03/2025, 00:21:28 UTC | Added: 05/26/2026, 20:58:49 UTC
Red Hat Security Advisory: OpenShift Container Platform 4.18.12 bug fix and security update | CVE-2024-7128 | 0
Red Hat OpenShift Container Platform 4.18.12 includes important security updates addressing multiple vulnerabilities, including unauthenticated data exposure in the OpenShift console (CVE-2024-7128), use-after-free flaws in libxslt (CVE-2024-55549 and CVE-2025-24855), and a denial of service vulnerability in Go JOSE parsing (CVE-2025-27144). These issues affect on-premise or private cloud deployments of OpenShift Container Platform 4.18. Users are advised to upgrade to the updated packages and container images available through the appropriate release channels to mitigate these vulnerabilities.
GCVE Database | 05/09/2025, 04:31:09 UTC | Added: 05/26/2026, 20:58:49 UTC
Red Hat Security Advisory: OpenShift Container Platform 4.17.30 bug fix and security update | CVE-2025-27144 | 0
Red Hat OpenShift Container Platform 4.17.30 includes a security update addressing a denial of service vulnerability in the go-jose library (CVE-2025-27144). This vulnerability involves parsing in go-jose that could be exploited to cause denial of service. The update is rated as moderate severity by Red Hat Product Security. Users of OpenShift Container Platform 4.17 are advised to upgrade to the updated packages and container images available through the appropriate release channels. Instructions for upgrading clusters are provided by Red Hat. No known exploits are reported in the wild at this time.
GCVE Database | 05/21/2025, 13:50:02 UTC | Added: 05/26/2026, 20:58:49 UTC
Red Hat Security Advisory: OpenShift Container Platform 4.19.0 bug fix and security update | CVE-2024-45337 | 0
Red Hat OpenShift Container Platform 4.19.0 includes multiple security fixes addressing vulnerabilities in various Golang libraries and the Bare Metal Operator. These issues range from authorization bypass, denial of service, to secret exposure across namespaces. Users of OpenShift Container Platform 4.19 are advised to upgrade to the updated packages and container images as soon as they are available through official release channels.
GCVE Database | 06/17/2025, 16:44:54 UTC | Added: 05/26/2026, 20:58:34 UTC
Red Hat Security Advisory: podman security update | CVE-2025-22869 | 0
Red Hat has issued a security advisory for podman, a tool managing pods, container images, and containers, addressing two denial of service vulnerabilities: CVE-2025-22869 in golang.org/x/crypto/ssh's key exchange and CVE-2025-27144 in Go JOSE's parsing. These vulnerabilities could allow denial of service conditions. The advisory rates the impact as Important (high severity). Updates are available for Red Hat Enterprise Linux 10 and related products to remediate these issues.
GCVE Database | 05/13/2025, 16:04:06 UTC | Added: 05/26/2026, 20:58:32 UTC
Red Hat Security Advisory: opentelemetry-collector security update | CVE-2025-22868 | 0
Multiple security vulnerabilities affecting the Red Hat build of OpenTelemetry Collector have been addressed in an important security update. These include denial of service and memory exhaustion issues in several components such as go-jose, golang.org/x/oauth2/jws, github.com/expr-lang/expr, and golang-jwt/jwt. The vulnerabilities can lead to excessive memory consumption or denial of service conditions during parsing operations. Red Hat has released updated packages for Red Hat Enterprise Linux 10 and related variants to remediate these issues. Users of affected versions are advised to apply the provided updates to mitigate these vulnerabilities.
GCVE Database | 05/13/2025, 17:18:27 UTC | Added: 05/26/2026, 20:58:32 UTC
Showing 1 to 10 of 26 results