Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Red Hat 1.7.11 Moderate: Migration Toolkit for Containers Security Update

red hat
Calendar Grey July 27, 2023
Dist Redhat Esm H88
Red Hat has launched version 1.7.11 of its Migration Toolkit for Containers, featuring key security improvements and important bug fixes for users.
The Migration Toolkit for Containers (MTC) 1.7.11 is now available

Solution

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Summary

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
Security Fix(es) from Bugzilla:
* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)
* golang: html/template: improper sanitization of CSS values (CVE-2023-24539)
* golang-github-gin-gonic-gin: Improper Input Validation (CVE-2023-26125)
* golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)
* golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function (CVE-2023-29401)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat bug fix container migration Migration Toolkit

References

https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-24539 https://access.redhat.com/security/cve/CVE-2023-26125 https://access.redhat.com/security/cve/CVE-2023-26604 https://access.redhat.com/security/cve/CVE-2023-29400 https://access.redhat.com/security/cve/CVE-2023-29401 https://access.redhat.com/security/updates/classification#moderate

Package List


Advisory ID: RHSA-2023:4293-01
Product: Red Hat Migration Toolkit
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4293
Issue date: 2023-07-27

Topic

The Migration Toolkit for Containers (MTC) 1.7.11 is now available.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat bug fix container migration Migration Toolkit

Relevant Releases Architectures

Bugs Fixed

2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding

2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values

2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes

2203769 - CVE-2023-26125 golang-github-gin-gonic-gin: Improper Input Validation

2216957 - CVE-2023-29401 golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here