Key information

Vulnerability overview
Advisory ID: RHSA-2025:8556
Type/Severity: Important
Topic: Security update for Red Hat OpenShift Container Platform 4.16.42; fixes multiple vulnerabilities and adds enhancements.

Affected products
Red Hat OpenShift Container Platform 4.16.42

Solution
Upgrade to OpenShift Container Platform 4.16.42 and follow the product documentation for the cluster upgrade and image updates.

Fixed vulnerabilities
CVE-2024-6536: OpenShift Console: Server-Side Request Forgery
CVE-2023-2299: Non-invasive parsing of cross-origin content in golang.org/x/net/html
CVE-2023-2266: Unexpected memory consumption during token parsing in golang.org/x/net/html
CVE-2023-2202: Excessive memory allocation during header parsing
CVE-2023-57640: Crash related to incorrect HTTP handling caused heavy traffic in the cluster
CVE-2023-54865: Traffic cut off after rac binding flows are removed
CVE-2023-50915: CHI Live Migration gets stuck when spec.migrate.feature is in place
CVE-2023-50824: Invalid error report from ingress-to-state controller
CVE-2023-50594: Empty proxy variables cause sessions during the build
CVE-2023-50593: The TOC (Table Of Contents) generator assumes that every object is labeled, making this process unsafe to use
CVE-2023-50586: Error from the generated code/WidebandBeamMachineConfig function can be misleading
CVE-2023-50585: OCP on Azure: Machine Set scale-up fails after upgrade to 4.15.46+ in a non-regional zone
CVE-2023-50581: Deployment created via the OCP console fails to trigger an image update
CVE-2023-50580: Included 4.10.7: The web console should allow nodepool autoscale updates for worker nodes within 60 days in 4.10 and later
CVE-2023-50579: MCP is improperly deployed in the separate form [OCP 4.15.44 & 4.16.38] with error "Marking degraded due to 'unexpected random disk validation against rendered-worker-XXXXXX content mismatch for the '/etc/systemd/system/bulb-deps@dependencies.target'"

Reference links
https://access.redhat.com/security/updates/classification/#important
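The solution above is "upgrade to 4.16.42"; in practice the first step is deciding whether a given cluster is even in scope. The script below is an added example, not part of the advisory or of Red Hat's tooling: it compares an installed OpenShift version against the fixed version with a pure POSIX-sh dotted-version comparison (so it needs no GNU sort -V), reports the status, and prints the `oc adm upgrade` commands that would be run next. The installed version `4.16.38` is a constructed sample; on a real cluster it would come from the `oc get clusterversion` query shown in the comment. The `oc` commands are only printed, not executed.

```bash
#!/bin/sh
# Added example (not from the advisory): classify an installed OCP version
# against the RHSA-2025:8556 fix release and print the upgrade commands.

FIXED_VERSION="4.16.42"   # release carrying the fixes listed in the advisory

# version_ge A B: return 0 (true) if dotted version A >= B, comparing numeric
# fields left to right. A pre-release suffix such as "-ec.1" is stripped, so a
# pre-release sorts as its base version (an approximation, labeled as such).
version_ge() {
  a="${1%%-*}"; b="${2%%-*}"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai="${a%%.*}"; bi="${b%%.*}"
    [ -z "$ai" ] && ai=0
    [ -z "$bi" ] && bi=0
    if [ "$ai" -gt "$bi" ]; then return 0; fi
    if [ "$ai" -lt "$bi" ]; then return 1; fi
    case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
    case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
  done
  return 0
}

# fix_status VERSION: prints "fixed", "vulnerable" or "not-applicable".
# Only the 4.16 z-stream is covered by this advisory; other minor versions
# get their own errata, so they are reported as not applicable here.
fix_status() {
  case "$1" in
    4.16.*)
      if version_ge "$1" "$FIXED_VERSION"; then echo "fixed"; else echo "vulnerable"; fi ;;
    *)
      echo "not-applicable" ;;
  esac
}

# On a live cluster (needs oc and cluster-admin) the installed version is:
#   oc get clusterversion version -o jsonpath='{.status.desired.version}'
# Constructed sample value so the script runs offline:
SAMPLE_INSTALLED="4.16.38"

# print_upgrade_plan VERSION: human-readable verdict plus next commands.
print_upgrade_plan() {
  case "$(fix_status "$1")" in
    vulnerable)
      echo "Installed $1 is older than $FIXED_VERSION; upgrade with:"
      echo "  oc adm upgrade channel stable-4.16"
      echo "  oc adm upgrade --to=$FIXED_VERSION"
      echo "  oc adm upgrade          # re-run to watch progress"
      ;;
    fixed)
      echo "Installed $1 already contains the RHSA-2025:8556 fixes." ;;
    *)
      echo "Installed $1 is not in the 4.16 stream; this advisory does not apply." ;;
  esac
}

print_upgrade_plan "$SAMPLE_INSTALLED"
```

Before running the real upgrade, confirm the target version is actually offered in the cluster's channel (`oc adm upgrade` lists the available updates); if `4.16.42` is absent, the channel is wrong or the cluster is behind a proxy or disconnected registry and needs the mirrored release image first.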