Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 616
Alerts This Week
Warning Icon 1 616

RedHat: RHSA-2022:1740-01 Moderate: MTC Security Update Release

red hat
Calendar Grey May 5, 2022
Dist Redhat Esm H88
Security notice for Migration Toolkit for Containers (MTC) version 1.7.1, addressing bug resolutions and medium-level risk effects.
The Migration Toolkit for Containers (MTC) 1.7.1 is now available

Solution

For details on how to install and use MTC, refer to:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.16/html/migration_toolkit_for_containers/installing-mtc

Summary

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716)
* golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771)
* golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772)
* golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717)
* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2021-3999 https://access.redhat.com/security/cve/CVE-2021-4028 https://access.redhat.com/security/cve/CVE-2021-23177 https://access.redhat.com/security/cve/CVE-2021-31566 https://access.redhat.com/security/cve/CVE-2021-41190 https://access.redhat.com/security/cve/CVE-2021-41771 https://access.redhat.com/security/cve/CVE-2021-41772 https://access.redhat.com/security/cve/CVE-2021-44716 https://access.redhat.com/security/cve/CVE-2021-44717 https://access.redhat.com/security/cve/CVE-2021-45960 https://access.redhat.com/security/cve/CVE-2021-46143 https://access.redhat.com/security/cve/CVE-2022-0261 https://access.redhat.com/security/cve/CVE-2022-0318 https://access.redhat.com/security/cve/CVE-2022-0359 https://access.redhat.com/security/cve/CVE-2022-0361 https://access.redhat.com/security/cve/CVE-2022-0392 https://access.redhat.com/security/cve/CVE-2022-0413 https://access.redhat.com/security/cve/CVE-2022-0778 https://access.redhat.com/security/cve/CVE-2022-1154 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-22822 https://access.redhat.com/security/cve/CVE-2022-22823 https://access.redhat.com/security/cve/CVE-2022-22824 https://access.redhat.com/security/cve/CVE-2022-22825 Read the Full Advisory

Package List


Advisory ID: RHSA-2022:1734-01
Product: Red Hat Migration Toolkit
Issue date: 2022-05-05

Topic

The Migration Toolkit for Containers (MTC) 1.7.1 is now available.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic

2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string

2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion

2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache

2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error

2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend]

2057516 - [MTC UI] UI should not allow PVC mapping for Full migration

2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans

2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository

2061347 - [MTC] Log reader pod is missing velero and restic pod logs.

2061653 - [MTC UI] Migration Resources section showing pods from other namespaces

2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan.

2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic)

2071000 - Storage Conversion: UI doesn't have the ability to skip PVC

2072036 - Migration plan for storage conversion cannot be created if there's no replication repository

2072186 - Wrong migration type description

Read the Full Advisory

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.