Red Hat Product Errata RHSA-2025:15345 - Security Advisory
Issued:
2025-09-10
Updated:
2025-09-10

RHSA-2025:15345 - Security Advisory

Synopsis

OpenShift Container Platform 4.17.39 security and extras update

Type/Severity

Security Advisory: Important

Topic

Red Hat OpenShift Container Platform release 4.17.39 is now available with updates to packages and images that fix several bugs.
This release includes a security update for Red Hat OpenShift Container Platform 4.17.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.17.39. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2025:15344 Security Fix(es):

  • helm.sh/helm/v3: Helm Chart Code Execution (CVE-2025-53547)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.

Solution

For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/

amd64

registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:88709ebb025710bfa0f5bda35eba3bfe5dca38a8ba0974a7aab1dc51bd940472
registry.redhat.io/openshift4/nmstate-console-plugin-rhel9@sha256:4771511d2e59b3450ff70f27c341968c8f36a1563fed32bb60b8053a5100f2bc
registry.redhat.io/openshift4/ose-helm-rhel9-operator@sha256:5857fdc78e54cfdd347e5c35486c79f31128cf302a59afb860a12e30fb9b342f
registry.redhat.io/openshift4/ose-operator-sdk-rhel9@sha256:3dfdc4b77769b2552bf5e223637a88df5bf867b3b55dfd1cd841a493276c1041
registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:f4ee0940afd358aa97ac019a5b1015d3f2a91f95c260e51cc12a667e17d8b0f4
registry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator@sha256:116236f04a9a81b8a085b913d395ae5b22388b6ed4ef614e86ab4e4b26cb09e3
registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel9-operator@sha256:1b3f77c875b5a49a03fd151a9dbcd535710425f80e408a79f4a1e5b52501815a
registry.redhat.io/openshift4/ose-egress-http-proxy-rhel9@sha256:0ae0e46b7682bd82e9a420c71f907e048e068ba4ff9611d72fcf9109e6a7a9d9
registry.redhat.io/openshift4/ose-smb-csi-driver-rhel9-operator@sha256:d904ee0848d68789cca098448e681e86f4cbde19945c1f17ea365fbce39304b9
registry.redhat.io/openshift4/ose-ptp-rhel9-operator@sha256:ef4a309bde7ebe47d4d5ec927ad7d0c82d10b493dbbdfee260a6068d3b3bc71c
registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:759ad9b263b4132bb804f7fd1321ecf74e8e11ad9f4ec5275d895daf505bd74a
registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:1bff49c88dcedd74d66a6b09e619977c891bbf49de4710331bcd0054891f1d58

ppc64le

registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:89f283a7ecbba8fc0ed60aecf08c0a3c448207afa244d8ad0546c5a08638e01a
registry.redhat.io/openshift4/nmstate-console-plugin-rhel9@sha256:692ecf6ed19cbfdae0168af4f6c144d370b58d005a61c448dd0faf31b7c78327
registry.redhat.io/openshift4/ose-helm-rhel9-operator@sha256:1c9292e33c7a6207012b8fdc22b80744a0c8e7c1efdffc25fa28e4be47ac7aa4
registry.redhat.io/openshift4/ose-operator-sdk-rhel9@sha256:a07743c30dc3938535a582b851fe9250ed0d32e5e41448ca84056b2cf3fb2769
registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:070a1e6adf4441769a0ffb112f8d0a96f49ccfbdc8e527b87d6ebd81663003d6
registry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator@sha256:8c92d1dcfd9b694bac9b650519e011a1fc2b5d9457f7895246e730754ba4dcf3
registry.redhat.io/openshift4/ose-egress-http-proxy-rhel9@sha256:131ecffede5be022e6abeb2a7f7c2e0422e9b85a9f4818ad6c30066e6c23134a
registry.redhat.io/openshift4/ose-smb-csi-driver-rhel9-operator@sha256:7046a36568813a22e8cf38ad257045b203b3105ba5c56ca349e3e4f9b0c88b26
registry.redhat.io/openshift4/ose-ptp-rhel9-operator@sha256:23381448669360bea0f74c522834e6bfbd4992953ff06db042edfe487a15ba59
registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:4a3b2b777d14fe1446fb32b6424bc77da163cd63b4fadd1c412b1e15c5282fd7
registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:06fb8e832cfc8ee9e0d16b62a8892ca856768abe5e57710b1d9a2eef7a500428

arm64

registry.redhat.io/openshift4/ose-ptp-rhel9@sha256:cadb1fae4c9ca0d6ca35c7650c870302d50543c26b6096129327fed72c5a126f
registry.redhat.io/openshift4/nmstate-console-plugin-rhel9@sha256:1b1cae8628c9062fbbe181cabb159f3a2323a127cb8afff080447a8ab6644476
registry.redhat.io/openshift4/ose-helm-rhel9-operator@sha256:890dace80c387969a9b97bd02776fdf6ec59f67131c9ec3800a84bd21cfd491a
registry.redhat.io/openshift4/ose-operator-sdk-rhel9@sha256:1b9b8dfe44497a6ea78b58aed0184d79ec5612816f8dcfe1ebf60f21f3e07972
registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:5484b77cc8dd00373bc27d4ea81de5ffcf825b02657d6bec77db70678ce0bc05
registry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator@sha256:9e4a78a4cda552a1d67a913b2f3e5b735a3939176e87eb1dc7c9115c6de9122c
registry.redhat.io/openshift4/ose-aws-efs-csi-driver-rhel9-operator@sha256:ecc69803103a47044d2ea49ed332d909a0521176b8aa3e4156bfa1db902e9ec5
registry.redhat.io/openshift4/ose-egress-http-proxy-rhel9@sha256:b0d72b9aa6f876b0f6dd1ca3d01cfecdc607b5b45d7fd4e9e9bd841108a96406
registry.redhat.io/openshift4/ose-smb-csi-driver-rhel9-operator@sha256:89e103883c135c2a91a92c037629c0b2235f62288fddf68643a7a85336593de7
registry.redhat.io/openshift4/ose-ptp-rhel9-operator@sha256:f580b3707a3d48991951b3b7e2b5f0abd66a2e501cbb35416d688c343a1184f9
registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:c597b8fd9b391b7c095264ee141b4f7d1e4be1e70022e5a9b8a90afc026ffc6f
registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:489f92d2e0dbfd8a7ae8e1e511ad2252e20724f05f32c002fea25eeadb7f92ee

s390x

registry.redhat.io/openshift4/nmstate-console-plugin-rhel9@sha256:4cfb6e75c0b442daafd3da438c2bd7872402e344ca7caaf338025ed5aa6f5367
registry.redhat.io/openshift4/ose-helm-rhel9-operator@sha256:eceba5eb6145baedafdcd12b2ff4c01a914d5c2800be1cc45cb6ee1da52fd59a
registry.redhat.io/openshift4/ose-operator-sdk-rhel9@sha256:b4d145dd4c58c63855b4b723e38a67a50eef2520cf8c55e644c38deea07d532e
registry.redhat.io/openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:bb01ae66f79140751ae2919a7783e888fb779cae8cf00371d6f657f57ca3c2d3
registry.redhat.io/openshift4/kubernetes-nmstate-rhel9-operator@sha256:d02e3edeb56202cd486451aa75652f20b0efc725136d2683cc5dff2be944ad58
registry.redhat.io/openshift4/ose-egress-http-proxy-rhel9@sha256:96a72fc63224557ed71eeecd062998f34b2133872687ebb06ac9e7435e4c69eb
registry.redhat.io/openshift4/ose-smb-csi-driver-rhel9-operator@sha256:b1b72f8932e3605eb265a455cdf1eb10d6d637ec641b57f6cca9fcab254ff434
registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9@sha256:99d56cc39d461713355d973e73ca50b09573f72ec30323f5952b0cc1addbbf6b
registry.redhat.io/openshift4/ose-vertical-pod-autoscaler-rhel9-operator@sha256:cef6958e07cfebb027f51f114687d9710989149b83287f05377ebff6ac7d185f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.