Red Hat: RHSA-2022:5483 Moderate MTC Security Fix Update

July 1, 2022
A security advisory for Migration Toolkit for Containers (MTC) version 1.7.2, rated Moderate.
The Migration Toolkit for Containers (MTC) 1.7.2 is now available.

Solution

For details on how to install and use MTC, refer to:

https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/migration_toolkit_for_containers/installing-mtc

Summary

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

References

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2020-0404
https://access.redhat.com/security/cve/CVE-2020-4788
https://access.redhat.com/security/cve/CVE-2020-13974
https://access.redhat.com/security/cve/CVE-2020-19131
https://access.redhat.com/security/cve/CVE-2020-27820
https://access.redhat.com/security/cve/CVE-2020-35492
https://access.redhat.com/security/cve/CVE-2021-0941
https://access.redhat.com/security/cve/CVE-2021-3612
https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3669
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-3743
https://access.redhat.com/security/cve/CVE-2021-3744
https://access.redhat.com/security/cve/CVE-2021-3752
https://access.redhat.com/security/cve/CVE-2021-3759
https://access.redhat.com/security/cve/CVE-2021-3764
https://access.redhat.com/security/cve/CVE-2021-3772
https://access.redhat.com/security/cve/CVE-2021-3773
https://access.redhat.com/security/cve/CVE-2021-3807
https://access.redhat.com/security/cve/CVE-2021-4002
https://access.redhat.com/security/cve/CVE-2021-4037
https://access.redhat.com/security/cve/CVE-2021-4083
https://access.redhat.com/security/cve/CVE-2021-4157

Package List


Advisory ID: RHSA-2022:5483-01
Product: Red Hat Migration Toolkit
Issue date: 2022-07-01

Topic

The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant Releases Architectures

Bugs Fixed

2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

2038898 - [UI] "Update Repository" option not getting disabled after adding the Replication Repository details to the MTC web console

2040693 - "Replication repository" wizard has no validation for name length

2040695 - [MTC UI] "Add Cluster" wizard stucks when the cluster name length is more than 63 characters

2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor

2048537 - "Exposed route host to image registry" connecting successfully to invalid registry "xyz.com"

2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak

2055658 - [MTC UI] Cancel button on "Migrations" page does not disappear when migration gets Failed/Succeeded with warnings

2056962 - [MTC UI] UI shows the wrong migration type info after changing the target namespace

2058172 - [MTC UI] Successful Rollback is not showing the green success icon in the "Last State" field.

2058529 - [MTC UI] Migrations Plan is missing the type for the state migration performed before upgrade

2061335 - [MTC UI] "Update cluster" button is not getting disabled

2062266 - MTC UI does not display logs properly [OADP-BL]

2062862 - [MTC UI] Clusters page behaving unexpectedly on deleting the remote cluster's service account secret from backend
