RedHat: RHSA-2021-3694:01 Moderate: Migration Toolkit for Container...


=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Containers (MTC) 1.6.0 security & bugfix update
Advisory ID:       RHSA-2021:3694-01
Product:           Red Hat Migration Toolkit
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3694
Issue date:        2021-09-29
CVE Names:         CVE-2021-3749 CVE-2021-22922 CVE-2021-22923 
                   CVE-2021-22924 CVE-2021-36222 CVE-2021-37576 
                   CVE-2021-37750 CVE-2021-38201 
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.6.0 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.

Security fixes:

* nodejs-axios: Regular expression denial of service in trim function
(CVE-2021-3749)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to install and use MTC, refer to:

https://docs.openshift.com/container-platform/4.8/migration_toolkit_for_containers/installing-mtc.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1878824 - Web console is not accessible when deployed on OpenShift cluster on IBM Cloud
1887526 - "Stage" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage
1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error
1936886 - Service account token of existing remote cluster cannot be updated by using the web console
1936894 - "Ready" status of MigHook and MigPlan custom resources is not synchronized automatically
1949117 - "Migration plan resources" page displays a permanent error message when a migration plan is deleted from the backend
1951869 - MigPlan custom resource does not detect invalid source cluster reference
1968621 - Paused deployment config causes a migration to hang
1970338 - Parallel migrations fail because the initial backup is missing
1974737 - Migration plan name length in the "Migration plan" wizard is not validated
1975369 - "Debug view" link text on "Migration plans" page can be improved
1975372 - Destination namespace in MigPlan custom resource is not validated
1976895 - Namespace mapping cannot be changed using the Migration Plan wizard
1981810 - "Excluded" resources are not excluded from the migration
1982026 - Direct image migration fails if the source URI contains a double slash ("//")
1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list
1996169 - When "None" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used
1996627 - MigPlan custom resource displays a "PvUsageAnalysisFailed" warning after a successful PVC migration
1996784 - "Migration resources" tree on the "Migration details" page is not displayed
1996902 - "Select all" checkbox on the "Namespaces" page of the "Migration plan" wizard remains selected after a namespace is unselected
1996904 - "Migration" dialogs on the "Migration plans" page display inconsistent capitalization
1996906 - "Migration details" page link is displayed for a migration plan with no associated migrations
1996938 - Search function on "Migration plans" page displays no results
1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during "StageBackup" phase
1997127 - Direct volume migration "retry" feature does not work correctly after a network failure
1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility
1997180 - "migration-log-reader" pod does not log invalid Rsync options
1997665 - Selected PVCs in the "State migration" dialog are reset because of background polling
1997694 - "Update operator" link on the "Clusters" page is incorrect
1997827 - "Migration plan" wizard displays PVC names incorrectly formatted after running state migration
1998062 - Rsync pod uses upstream image
1998283 - "Migration step details" link on the "Migrations" page does not work
1998550 - "Migration plan" wizard does not support certain screen resolutions
1998581 - "Migration details" link on "Migration plans" page displays "latestIsFailed" error
1999113 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration
1999381 - MigPlan custom resource displays "Stage completed with warnings" status after successful migration
1999528 - Position of the "Add migration plan" button is different from the other "Add" buttons
1999765 - "Migrate" button on "State migration" dialog is enabled when no PVCs are selected
1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function
2000205 - "Options" menu on the "Migration details" page displays incorrect items
2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace
2000243 - "Migration plan" wizard does not allow a migration within the same cluster
2000644 - Invalid migration plan causes "controller" pod to crash
2000875 - State migration status on "Migrations" page displays "Stage succeeded" message
2000979 - "clusterIPs" parameter of "service" object can cause Velero errors
2001089 - Direct volume migration fails because of missing CA path configuration
2001173 - Migration plan requires two clusters
2001786 - Migration fails during "Stage Backup" step because volume path on host not found
2001829 - Migration does not complete when the namespace contains a cron job with a PVC
2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice
2002420 - "Stage" pod not created for completed application pod, causing the "mig-controller" to stall
2002608 - Migration of unmounted PVC fails during "StageBackup" phase
2002897 - Rollback migration does not complete when the namespace contains a cron job
2003603 - "View logs" dialog displays the "--selector" option, which does not print all logs
2004601 - Migration plan status on "Migration plans" page is "Ready" after migration completed with warnings
2004923 - Web console displays "New operator version available" notification for incorrect operator
2005143 - Combining Rsync and Stunnel in a single pod can degrade performance
2006316 - Web console cannot create migration plan in a proxy environment
2007175 - Web console cannot be launched in a proxy environment

5. JIRA issues fixed (https://issues.jboss.org/):

MIG-785 - Search for "Crane" in the Operator Hub should display the Migration Toolkit for Containers

6. References:

https://access.redhat.com/security/cve/CVE-2021-3749
https://access.redhat.com/security/cve/CVE-2021-22922
https://access.redhat.com/security/cve/CVE-2021-22923
https://access.redhat.com/security/cve/CVE-2021-22924
https://access.redhat.com/security/cve/CVE-2021-36222
https://access.redhat.com/security/cve/CVE-2021-37576
https://access.redhat.com/security/cve/CVE-2021-37750
https://access.redhat.com/security/cve/CVE-2021-38201
https://access.redhat.com/security/updates/classification/#moderate

7. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

