Key Vulnerability Information

Vulnerability Overview

Type/Severity: Important security advisory
Topic: OpenShift Container Platform 4.15.50 has been released, fixing multiple vulnerabilities and adding enhancements.

Vulnerability Details

CVE IDs:
- CVE-2024-53150
- CVE-2024-47975
- CVE-2024-51033
- CVE-2024-41243
- CVE-2024-53150
- CVE-2024-53241
- CVE-2024-53242
- CVE-2025-0395
- CVE-2025-0624
- CVE-2025-0650
- CVE-2025-24855
- CVE-2025-29781
- CVE-2025-30204

Main vulnerability descriptions:
- Use-After-Free in libxl (xlistGetInitializedNlList)
- Out-of-bounds write in grub_net_search_config_file()
- Use-After-Free in libxl numbers.c
- golang-jwt/jwt-go allows excessive memory allocation during header parsing
- libxml use-after-free in xmlXIncludeAddNode
- libxl use-after-free in xmlXIncludeAddNode
- kernel: net: Out-of-bounds reads when finding clock sources
- baremetal-operator/api: Bare Metal Operator (BMO) can expose any secret from other namespaces via BMCEventSubscription CRD

Affected Products

- Red Hat OpenShift Container Platform 4.15 for RHEL 9, 8, 64
- Red Hat OpenShift Container Platform 4.15 for RHEL 9, 8, s390x
- Red Hat OpenShift Container Platform for Power 4.15 for RHEL 9 ppc64le
- Red Hat OpenShift Container Platform for Power 4.15 for RHEL 8 ppc64le
- Red Hat OpenShift Container Platform for IBM Z and LinuxOne 4.15 for RHEL 9 s390x
- Red Hat OpenShift Container Platform for IBM Z and LinuxOne 4.15 for RHEL 8 s390x
- Red Hat OpenShift Container Platform for ARM 64 4.15 for RHEL 8 aarch64

Solution

All OpenShift Container Platform 4.15 users are advised to upgrade to the updated packages and images. Detailed upgrade documentation and tools (such as the oc tool) are provided for checking and applying updates.