Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

RedHat RHSA-2022-0202-04 Moderate: Migration Toolkit for Containers

red hat
Calendar Grey January 20, 2022
Dist Redhat Esm H88
Recent enhancements to the Migration Toolkit for Containers (MTC) focus on resolving significant security vulnerabilities within Red Hat systems.
The Migration Toolkit for Containers (MTC) 1.6.3 is now available

Solution

For details on how to install and use MTC, refer to:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/migration_toolkit_for_containers/installing-mtc

Summary

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2016-4658 https://access.redhat.com/security/cve/CVE-2018-5727 https://access.redhat.com/security/cve/CVE-2018-5785 https://access.redhat.com/security/cve/CVE-2018-20845 https://access.redhat.com/security/cve/CVE-2018-20847 https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-12973 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-10001 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-13558 Read the Full Advisory

Package List


Severity
important
Lowest
Low
Medium
High
Critical

Advisory ID: RHSA-2022:0202-01
Product: Red Hat Migration Toolkit
Issue date: 2022-01-20

Topic

The Migration Toolkit for Containers (MTC) 1.6.3 is now available.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2019088 - "MigrationController" CR displays syntax error when unquiescing applications

2021666 - Route name longer than 63 characters causes direct volume migration to fail

2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes

2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)

2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image

2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console

2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout

2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error

2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource

2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.