Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2025:7669 - Security Advisory
Issued:
2025-05-21
Updated:
2025-05-21

RHSA-2025:7669 - Security Advisory

  • Overview
  • Updated Images

Synopsis

Moderate: OpenShift Container Platform 4.17.30 bug fix and security update

Type/Severity

Security Advisory: Moderate

Topic

Red Hat OpenShift Container Platform release 4.17.30 is now available with updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container Platform 4.17.

Red Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container Platform 4.17.30. See the following advisory for the RPM packages for this release:

https://access.redhat.com/errata/RHBA-2025:7671

Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/

Security Fix(es):

  • go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.

Solution

For OpenShift Container Platform 4.17 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/release_notes/

You may download the oc tool and use it to inspect release image metadata for x86_64, s390x, ppc64le, and aarch64 architectures. The image digests may be found at https://quay.io/repository/openshift-release-dev/ocp-release?tab=tags.

The sha values for the release are as follows:

(For x86_64 architecture)
The image digest is sha256:9efd67719b76a75def13a0e08125a361553c8b06691b39bdeff4994c4e907d44

(For s390x architecture)
The image digest is sha256:d48074dde460f4e6dd8aa20d3a4bc6afcc3d5e61c2b44bf9b019fc6b2bcb43f7

(For ppc64le architecture)
The image digest is sha256:854836a1c1abbc3009190b2c3b26cce91acecf375ea75f4af49faf341514ca72

(For aarch64 architecture)
The image digest is sha256:c70fca1f2136dac3a06b6fedaf563ea332f368e27590dad481a82a93a41e01a5

All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html-single/updating_clusters/index#updating-cluster-cli.

Affected Products

  • Red Hat OpenShift Container Platform 4.17 for RHEL 9 x86_64
  • Red Hat OpenShift Container Platform 4.17 for RHEL 8 x86_64
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 9 ppc64le
  • Red Hat OpenShift Container Platform for Power 4.17 for RHEL 8 ppc64le
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 9 s390x
  • Red Hat OpenShift Container Platform for IBM Z and LinuxONE 4.17 for RHEL 8 s390x
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 9 aarch64
  • Red Hat OpenShift Container Platform for ARM 64 4.17 for RHEL 8 aarch64

Fixes

  • BZ - 2347423 - CVE-2025-27144 go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
  • OCPBUGS-55511 - Consumer is losing subscription to events after restarting linuxptp-daemon pod.
  • OCPBUGS-55728 - e2e is failing with "[sig-arch] events should not repeat pathologically for ns/openshift-machine-api"
  • OCPBUGS-55729 - Spot Machine should be Failed if during provisioning Machine becomes Deallocated on Azure
  • OCPBUGS-55894 - Samples Operator should sort failing image imports
  • OCPBUGS-55943 - Provide error report from ingress-to-route controller

CVEs

  • CVE-2023-52492
  • CVE-2023-52594
  • CVE-2023-52756
  • CVE-2023-52813
  • CVE-2024-0340
  • CVE-2024-26840
  • CVE-2024-26892
  • CVE-2024-35877
  • CVE-2024-35912
  • CVE-2024-47668
  • CVE-2024-53141
  • CVE-2024-53920
  • CVE-2025-27144

References

  • https://access.redhat.com/security/updates/classification/#moderate

aarch64

openshift4/driver-toolkit-rhel9@sha256:9bab5912e3d4226a52855a16440a3bbbec4d136f5e69b2e81821a2bf9ff5efbc
openshift4/frr-rhel9@sha256:1189ca4810f48d78f4f652f05202efe9077c528d79a955a09a24c1e2c366197f
openshift4/network-tools-rhel9@sha256:ad2ac98cfb376c572a63961dd2731cbc4a537271b1d4036d20f10af78fa467df
openshift4/openshift-route-controller-manager-rhel9@sha256:ff5672c892c4f8aef8168b13a77390d7b52a0f302c86fed5cc9d3d06be7a86a1
openshift4/ose-agent-installer-api-server-rhel9@sha256:1d76456cdd66b5c59327f5b273e6f9e430a26bfcf692c997a272edac22f65ab0
openshift4/ose-agent-installer-node-agent-rhel9@sha256:b38995325736ab165a6ce349187a043e4bd65440ac8d2f6a71d750a1a8dbf6e4
openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:73d696a85c6746c463beb834d407b87b267db202fd75e7de4565a4a3087fe139
openshift4/ose-cluster-samples-rhel9-operator@sha256:8b06e537a34f07502d44039760f5f73ecfe097ba88f30acd47fe6ddeb4b3d6c8
openshift4/ose-console-rhel9@sha256:f85e8ed84931f3de99c6aea8d2263c1a3fc7b76462799bdf2472b4b30eeb0af1
openshift4/ose-docker-builder-rhel9@sha256:30c9abc58256b4717f41c5f9b14a3e0c7a367fed21253ad38037484458d1ddd8
openshift4/ose-ironic-agent-rhel9@sha256:d63dd5d7933581a663440877709d0d395d6bb5b490c5528078f77cee4ca3549e
openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:cb842dc622604b7d38e5750230407e851326d9130730fd4287ec81f1743534e0
openshift4/ose-ironic-rhel9@sha256:ae6900fb15c7b571255454e43b769bda10611a180ee23bc70f3eadb638601eb1
openshift4/ose-machine-api-provider-azure-rhel9@sha256:a4a51af9911eff71004d1bd6b4763a360f1ba7836217cf5b4e7a2ad3a3f5b542
openshift4/ose-machine-config-rhel9-operator@sha256:a41a3d6d6b13fd649fff965da041983f25301adf18ba3172093d03182b672c17
openshift4/ose-monitoring-plugin-rhel9@sha256:cd9dc04edeef1b044232c88b1fe57c1a7e749cf2ef9692ba2e56dc984f866b8e
openshift4/ose-networking-console-plugin-rhel9@sha256:dc787ffcbe2b22a5ed60437004aeb4700d6a13e95858e99313899ab1a46ba68f
openshift4/ose-operator-framework-tools-rhel9@sha256:9ef253df3bf13d1f7c37ebc9d7a2645ae0545d17f93cabe32550288d21d4bda1
openshift4/ose-operator-lifecycle-manager-rhel9@sha256:f37934f5348032f6535018f51321501f343ac7a313659e36b5e462f871e21f28
openshift4/ose-operator-registry-rhel9@sha256:1216faa5708ccddc332cffb9fac694a05520d3ffa45d08a3c84fcaaaab153994
openshift4/ose-ovn-kubernetes-rhel9@sha256:9cd0b128452860f0808b4ae036a72ef628f9dd2372e2e71d5c4d88834f895b10
openshift4/ose-tests-rhel9@sha256:c2ae7c600c0c1aff23e4d3adb286e02e56c516cb6256ce6f1a701c156391213d
openshift4/ose-tools-rhel9@sha256:f3e6e4b5a259e01d5f3a9a0bddc17d497e208edadb849b063d78492bad154b39

ppc64le

openshift4/driver-toolkit-rhel9@sha256:5428b60883403a40c8fa60b8c16dec933ed6b80cb95c2beb8ddb1429e23762f4
openshift4/frr-rhel9@sha256:4397d163c1233216e314adce43e0700ebc3a84e5ec5efc88f349e5afe2fb75c7
openshift4/network-tools-rhel9@sha256:3fd28cf76a5ffe9b62c566d31b06a33117ba42539d66b13d5c00c45e03b29880
openshift4/openshift-route-controller-manager-rhel9@sha256:af3a9ea90b49eaf8eb1099788fc4a96cfa8eda31800cd9e38ad5c0a6e8bc4cf1
openshift4/ose-agent-installer-api-server-rhel9@sha256:f7bb164e6b3f7b678e37aeb7524146bba2abfd30a3464c7a044c4153983ba55c
openshift4/ose-agent-installer-node-agent-rhel9@sha256:5752e59f9a078ff1ae17352ca91d1e1aacca34160e68c3495537e710ca084fe0
openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:abb0e12289dbadd5af19e7c6f0f26005642d07fa2c25cc455cc997979c91b2f1
openshift4/ose-cluster-samples-rhel9-operator@sha256:37a3392b759142601fe75b69b479b11945f4a57946f6b71cea6c95224386084f
openshift4/ose-console-rhel9@sha256:66a880e54cea05b64ff3547a22dec4d34f2793388db8e7c3798f999fd3ad904b
openshift4/ose-docker-builder-rhel9@sha256:30f30405cca3fb056b1f5f4093bfb83f5ba36d69e5c0c16aec169c2c90172021
openshift4/ose-machine-config-rhel9-operator@sha256:43bb0a1c5f8a9203a1ba57b8819354b85fa463064302c86bc880840114e09707
openshift4/ose-monitoring-plugin-rhel9@sha256:b316a6d8ecfc97813d5ad4909b3d7fb174ac14d432c60172e92a4b60ec4ae11d
openshift4/ose-networking-console-plugin-rhel9@sha256:53a62ea827540794cfe57f691481d636468eebd1a96c0953ed7af7a2bbd8eba1
openshift4/ose-operator-framework-tools-rhel9@sha256:a51f210a6fc60bc63eaee57892406dc1f42b21afc740e99e8e30e93fd95318aa
openshift4/ose-operator-lifecycle-manager-rhel9@sha256:48bda5001950cd8f51de4f8a3ff98b26500a4209868d2a0fb858aacfd24cede1
openshift4/ose-operator-registry-rhel9@sha256:efd9127122029035c26d47e699807c70830f15c06ee544832d0cacae31b1a75f
openshift4/ose-ovn-kubernetes-rhel9@sha256:3c9cee1368b0f1678fbdff36e3bbe0521287641529005ad4eed784ef98261cbe
openshift4/ose-tests-rhel9@sha256:188b14c3b5a38b2fbcee99de4518a73a96d6f794c0adb3c24b53a4569bbe8e4d
openshift4/ose-tools-rhel9@sha256:482497ebb649342ddf776f148fe66a55f9cff987e667a7134533870c885d165e

s390x

openshift4/driver-toolkit-rhel9@sha256:e6b8337816556c516cf272080813c265930a16be09786533bc4367eba9c163e5
openshift4/frr-rhel9@sha256:293cbebebde2000633c30dbdbef8d67c7a7bc27b73a4dba65f709226d8273c78
openshift4/network-tools-rhel9@sha256:8a11a700696c7abf1815ccf9eae08a880162fb915d22eb8c44f5815611a904b7
openshift4/openshift-route-controller-manager-rhel9@sha256:5dd50068425ec334e8f3aac013f4904301d4bce14b0e9b1c80076e75808ee5cd
openshift4/ose-agent-installer-api-server-rhel9@sha256:64d48942feae48ab19150e08e54c8bd9427243b85966976fe434b91ae1ce69af
openshift4/ose-agent-installer-node-agent-rhel9@sha256:7832be6657e061579e60cc25c794202cafa884d52d9f932e6b8a68181fcd9dc2
openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:1aace716191bf852f1ebbd4e136cba55b3be8d196144c4c85671a7a35d991ce8
openshift4/ose-cluster-samples-rhel9-operator@sha256:e8704434eaaff09dc25eaad8548665dec92df3b7105132fbe05cfde523461661
openshift4/ose-console-rhel9@sha256:3774363daa8797398695cdfbfa417f1ebb05f8662fc53948e36720d6ce316c44
openshift4/ose-docker-builder-rhel9@sha256:6bc6d24af832c02ee0b795a8e66877f112d88b08d0fd2a90c9737e24ea8be4fd
openshift4/ose-machine-config-rhel9-operator@sha256:7b2cb028597bc805129ac55016a44d77c3dae485407d430775e933acb4fd734a
openshift4/ose-monitoring-plugin-rhel9@sha256:1461b57796f3ccf4f4654e3b81300e8bd046d5fe9d2e108d4418a1bf3628de23
openshift4/ose-networking-console-plugin-rhel9@sha256:b1753875b2bbf440f4f2131cecce3dc260654a2e014d715736a7a74d2b81309a
openshift4/ose-operator-framework-tools-rhel9@sha256:58ed308d3f731e3bc4a67c62aea0280dc26896b882056218b23ea070d1a5cd91
openshift4/ose-operator-lifecycle-manager-rhel9@sha256:373f848ed45d7f565b7b39aab46a3cfe454df9f8d00869ef3a6769ef92c0cfc5
openshift4/ose-operator-registry-rhel9@sha256:897fdbad4c1de1fdd78ec90154c212985185bc5131d2520e79579f5d81243210
openshift4/ose-ovn-kubernetes-rhel9@sha256:75438e14327b31bc3883f4654a4129aa1d101c8d74320d7525f24e21055f93f7
openshift4/ose-tests-rhel9@sha256:4beb0a9fd8ae6cdbad188c868308264f85cf190c0d6a651ee00bb8d9a4491d56
openshift4/ose-tools-rhel9@sha256:7dbbda23cca76cb5ad2815d648402eb0b2e8f3b5f6d522b0cdadcf72722e1bfc

x86_64

openshift4/driver-toolkit-rhel9@sha256:24df4e6efc1674d23315b68e4950c147be2d185dab828719df1c9abc5a1cde60
openshift4/frr-rhel9@sha256:445996153ca1d4b05234e0e25ee8ad829181176bc2ff816f51513cec90bd2df9
openshift4/network-tools-rhel9@sha256:f5f7951dd7b6576fad77c298f8927bb154c71bba2c4ae6b6a00fcc49590b9067
openshift4/openshift-route-controller-manager-rhel9@sha256:37f1245ef8d65aa4ae8d6674ece2c9e678eb489b94459e4e34d1e305e67cc110
openshift4/ose-agent-installer-api-server-rhel9@sha256:77d9b389bdd7e8dfc494ac6e3caf213d39bee0217a59dc04d5814f7de232ba14
openshift4/ose-agent-installer-node-agent-rhel9@sha256:3dab9b36b05dd5e15fc70016fa07661dbaa5efd1cd51147deb35b2e32897caa2
openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:b3e2968bee18c7e2a93970ef8cef3a63d7e071abec1275c2caeba77e628fc9fa
openshift4/ose-cluster-samples-rhel9-operator@sha256:d22643d93d9143410519df0e47f02ef37aa612cd286da483507e28ac540a909f
openshift4/ose-console-rhel9@sha256:9038aa52ccac7f6f5f9b138447e47281e38cae3b01d64a4520f127d01db8c3f2
openshift4/ose-docker-builder-rhel9@sha256:027987615b28d419a1b5a52b99073eb16f09d795952f4cb831c8d12fc9b5520d
openshift4/ose-ironic-agent-rhel9@sha256:4ed09bbae03a37c61f8f7ca45d30c126f9cbc92ef78f9c4ec74eda4090b97d88
openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:591ce193d46f41a36908ab67102896c42b05d391ffc357792b5afe765da79bac
openshift4/ose-ironic-rhel9@sha256:396b7df1dd9842b4ca06ac2dd5e4019356058398ff7d71b706208ab5d52c5f99
openshift4/ose-machine-api-provider-azure-rhel9@sha256:a62d8d919daa0c4d24ea7d23f09c2e1eb83c7b15254496e20e57d2098576bc02
openshift4/ose-machine-config-rhel9-operator@sha256:174c0c73da4ce6b1100a7d39ff8663a2b683aa2e4c6dbec1b476f7febbfacf9d
openshift4/ose-monitoring-plugin-rhel9@sha256:a3c563b7118c1c609140bc36e3a61627c6644eb1a2f220f100106d04427b90a3
openshift4/ose-networking-console-plugin-rhel9@sha256:ec72a0a28879f958fea40fdd1fc665be01aaf40aae966e5d1b8ce298a4989fc9
openshift4/ose-nutanix-machine-controllers-rhel9@sha256:04eaf3d4f5f581914e93ffd7f8e0096d97384e8a5a10035d9a7be59f299e68e5
openshift4/ose-operator-framework-tools-rhel9@sha256:c1cb8f2e8735b343b8386c9c4d599fbf1c3cb2e541b762e8b8eac44966d28286
openshift4/ose-operator-lifecycle-manager-rhel9@sha256:f2d5c5047f1970cc2425dd4abb84ad26279c311b9d55ea79c90a1f77469d07c1
openshift4/ose-operator-registry-rhel9@sha256:be3152154154212a70ba6ad60ee3b03f6e1caac006de1eaa61bee2cda56e8bb1
openshift4/ose-ovn-kubernetes-rhel9@sha256:24f68672aba38c21c0c045b40cd2021c43e221c0b94f997e8b9fce905695daf3
openshift4/ose-tests-rhel9@sha256:541512a7ab084b732af9ad464e27c9666326fe727aa21fc407d8ef03fece162b
openshift4/ose-tools-rhel9@sha256:958ec34abe7cabf0cebfb67f86907ffd0b38e6dd0d4e2c1c1804d2eccaa1799a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility