RHSA-2025:22955 - Security Advisory

Topic

Updated container images are now available for director Operator for Red Hat OpenStack Platform 17.1.12 (Wallaby) for RHEL 9.2.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware.

The Red Hat OpenStack Platform (RHOSP) director Operator adds the ability to install and run a RHOSP cloud within OpenShift Container Platform (OCP).

Security Fixes:

• containerd local privilege excalation (CVE-2024-25621)
• SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913)

Solution

The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io or registry.access.redhat.com using the 'podman pull' command.

For more information about the images, search the image name in the Red Hat Ecosystem Catalog.

Fixes

CVEs

• CVE-2024-25621
• CVE-2025-47913

References

• https://access.redhat.com/security/updates/classification/
• https://catalog.redhat.com/software/containers/search