Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -1 articles for you...
98
security advisorymoderateRed HatRed Hat 1.7.11 Moderate: Migration Toolkit for Containers Security Update
The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.7.11 security and bug fix update Advisory ID: RHSA-2023:4293-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2023:4293 Issue date: 2023-07-27 CVE Names: CVE-2020-24736 CVE-2022-41723 CVE-2023-1667 CVE-2023-2283 CVE-2023-24329 CVE-2023-24539 CVE-2023-26125 CVE-2023-26604 CVE-2023-29400 CVE-2023-29401 ===================================================================== 1. Summary: The Migration Toolkit for Containers (MTC) 1.7.11 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723) * golang: html/template: improper sanitization of CSS values (CVE-2023-24539) * golang-github-gin-gonic-gin: Improper Input Validation (CVE-2023-26125) * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400) *golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function (CVE-2023-29401) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding 2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values 2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes 2203769 - CVE-2023-26125 golang-github-gin-gonic-gin: Improper Input Validation 2216957 - CVE-2023-29401 golang-github-gin-gonic-gin: Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function 5. References: https://access.redhat.com/security/cve/CVE-2020-24736 https://access.redhat.com/security/cve/CVE-2022-41723 https://access.redhat.com/security/cve/CVE-2023-1667 https://access.redhat.com/security/cve/CVE-2023-2283 https://access.redhat.com/security/cve/CVE-2023-24329 https://access.redhat.com/security/cve/CVE-2023-24539 https://access.redhat.com/security/cve/CVE-2023-26125 https://access.redhat.com/security/cve/CVE-2023-26604 https://access.redhat.com/security/cve/CVE-2023-29400 https://access.redhat.com/security/cve/CVE-2023-29401 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIcBAEBCAAGBQJkwdRKAAoJENzjgjWX9erETLYP/i0v1WOSwBaVLef7uqjKSG4f E70Qv2TsqsrjB51UNUnGP1PjtnSrHSwfA5fN/TBn4vZkSk1pYIH/lpg1RNbvx8ls xlKMTd6bX/z4ojHbCss5AIGFxL7zqd9ZTfCfI/NopDVnAIFRDYCWh4rqEtaETBwa yioqI3py2XOd3lwSEEnaenLR35rpxt730ZLeZAl5/lvRRt7kD69r9exWAUh4sW6j JtYi6ydY8BXg0HNR+nU57XRmp0S6GfYGncYDZFyDRXTT0UMHVxtRF04VETuBjWC2 IAqp7ocRPt5woh0+HyyRA/9p+QWDP6kYY1Bb8HgKNx3xdQbwJi07Pwt4YadMTmAE igw1LmIPRIJoNKTh1MqTL00nJIU/1mO+vpkyvNhIZ94vreLJ8MyQLbLAhJYuTCby sLA2VeLnQmcdrsWDIkx+hJOsR9bydCZuIPykN4Nmstv2j6UHWg31DtaHyQQEyZtm O/V61KAUYeOd6dMvRYlgz86hvQurwGl/sYsAsIt5mV50wXB14bSfMUnYe3hM1/v3 vB6bNiPIY8UgpRl2ZnZCsVruPEyFn7+W0wCSqX3Afy5Q08lyvuPFXcD1XAm4TLES 5g1bNuIDOPu1r/AqKrC7zSVsL0QLjpyetjPnUa205Nc6LqcyfyvV2BC+61VzWm5E OTxW8GMl5qshDNCZCUVd =0sF0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 27, 2023
Red Hat
98
security advisorydenial of servicered hatRedHat: RHSA-2023-3624-01 Important: MTC 1.7.10 Denial Of Service Threat
The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update Advisory ID: RHSA-2023:3624-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2023:3624 Issue date: 2023-06-15 CVE Names: CVE-2021-46848 CVE-2022-1304 CVE-2022-2795 CVE-2022-2880 CVE-2022-3627 CVE-2022-3970 CVE-2022-4304 CVE-2022-4450 CVE-2022-25147 CVE-2022-35737 CVE-2022-36227 CVE-2022-41715 CVE-2022-41717 CVE-2022-42898 CVE-2022-47629 CVE-2023-0215 CVE-2023-0286 CVE-2023-0361 CVE-2023-1999 CVE-2023-2491 CVE-2023-22490 CVE-2023-23946 CVE-2023-24534 CVE-2023-24536 CVE-2023-24537 CVE-2023-24538 CVE-2023-24540 CVE-2023-25652 CVE-2023-25815 CVE-2023-27535 CVE-2023-29007 ==================================================================== 1. Summary: The Migration Toolkit for Containers (MTC) 1.7.10 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, usingthe MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) * golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534) * golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536) * golang: go/parser: Infinite loop in parsing (CVE-2023-24537) * golang: html/template: backticks not treated as string delimiters(CVE-2023-24538) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption 2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation 2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing 2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace 2204461 - Adjust rsync options in DVM 2210565 - Direct migration completes with warnings, failing on DVM phase 2212528 - Rsync pod fails due to error in starting client-server protocol (code 5) 5.References: https://access.redhat.com/security/cve/CVE-2021-46848 https://access.redhat.com/security/cve/CVE-2022-1304 https://access.redhat.com/security/cve/CVE-2022-2795 https://access.redhat.com/security/cve/CVE-2022-2880 https://access.redhat.com/security/cve/CVE-2022-3627 https://access.redhat.com/security/cve/CVE-2022-3970 https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-25147 https://access.redhat.com/security/cve/CVE-2022-35737 https://access.redhat.com/security/cve/CVE-2022-36227 https://access.redhat.com/security/cve/CVE-2022-41715 https://access.redhat.com/security/cve/CVE-2022-41717 https://access.redhat.com/security/cve/CVE-2022-42898 https://access.redhat.com/security/cve/CVE-2022-47629 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-1999 https://access.redhat.com/security/cve/CVE-2023-2491 https://access.redhat.com/security/cve/CVE-2023-22490 https://access.redhat.com/security/cve/CVE-2023-23946 https://access.redhat.com/security/cve/CVE-2023-24534 https://access.redhat.com/security/cve/CVE-2023-24536 https://access.redhat.com/security/cve/CVE-2023-24537 https://access.redhat.com/security/cve/CVE-2023-24538 https://access.redhat.com/security/cve/CVE-2023-24540 https://access.redhat.com/security/cve/CVE-2023-25652 https://access.redhat.com/security/cve/CVE-2023-25815 https://access.redhat.com/security/cve/CVE-2023-27535 https://access.redhat.com/security/cve/CVE-2023-29007 https://access.redhat.com/security/updates/classification#important 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBZIsIe9zjgjWX9erEAQgA0A//bsZOIKpOdr02qQ/OwtMcoothwy9wozWq xCCscfKssH+gX4xBIPj6QEgD8db7eVfcbPzihANAoBkR1JcFJdQ2Xa2rVszccexn a0cZKRPwcMYCz2s5JDmFf6uJ9En5pRyFoMo8ST5diKEP1Kal7jfZvMtUE7OxT98Z +8SzwXrKk8G8mmxP9h2/RQRYs9WKkS3FF8x5eH+66+SvtImkTfbKBWRE7+lgxeLf WxXeUvFaItWHyzJDG8fzyh8vaHrelCrNdUuz1rOtXXO8lMc4A2FeW9mFVqVf9YSe qxZtLv9jKb9KGtne4/LKnNGxeGg92+BCFQhgTZ6Po3ORCXpNCv+Yv79a1pXwAKZy ENybQonccBf2TXA5HFEfvHot4vovzEIak6Cy3WVAMU7y5tzxdyPlU33qzTL38Ihx Eb0gbaVUE8lyXsWDj/1PugYGvMQ9PjNk2SrHGsIuFLi+34tvYVRHGcJZ9SfeTngR j38TfxS9WDd+wLO/ZDIPRhVuLiAkqqV2urrvpqc177t00vrBHnB4TnKSVCK93xyJ VPJMVCoGiTx1JNMd0nTrLErMPe/OWzqpA/PZEcCmzzsHenck1tSgYlxZiwfFIlXU gEIMQ8A/A9UP4OoVG+ob2tyB/dgg/CicZKQoD/KJ6J2aRXqpFT2kSqhGQ37pplOe ROr4a9CDa68=J4k1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jun 15, 2023
•Important
Red Hat
98
security advisorysecurity updateRed HatRed Hat: RHSA-2022:5483 Moderate MTC Security Fix Update
The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update Advisory ID: RHSA-2022:5483-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2022:5483 Issue date: 2022-07-01 CVE Names: CVE-2018-25032 CVE-2020-0404 CVE-2020-4788 CVE-2020-13974 CVE-2020-19131 CVE-2020-27820 CVE-2020-35492 CVE-2021-0941 CVE-2021-3612 CVE-2021-3634 CVE-2021-3669 CVE-2021-3737 CVE-2021-3743 CVE-2021-3744 CVE-2021-3752 CVE-2021-3759 CVE-2021-3764 CVE-2021-3772 CVE-2021-3773 CVE-2021-3807 CVE-2021-4002 CVE-2021-4037 CVE-2021-4083 CVE-2021-4157 CVE-2021-4189 CVE-2021-4197 CVE-2021-4203 CVE-2021-20322 CVE-2021-21781 CVE-2021-26401 CVE-2021-29154 CVE-2021-37159 CVE-2021-41617 CVE-2021-41864 CVE-2021-42739 CVE-2021-43056 CVE-2021-43389 CVE-2021-43976 CVE-2021-44733 CVE-2021-45485 CVE-2021-45486 CVE-2022-0001 CVE-2022-0002 CVE-2022-0235 CVE-2022-0286 CVE-2022-0322 CVE-2022-0536 CVE-2022-1011 CVE-2022-1154 CVE-2022-1271 CVE-2022-23852 CVE-2022-26691 ==================================================================== 1. Summary: The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this updateas having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to install and use MTC, refer to: https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/migration_toolkit_for_containers/installing-mtc 4. Bugs fixed (https://bugzilla.redhat.com/): 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2038898 - [UI] ?Update Repository? option not getting disabled after adding the Replication Repository details to the MTC web console 2040693 - ?Replication repository? wizard has no validation for name length 2040695 - [MTC UI] ?Add Cluster? wizard stucks when the cluster name length is more than 63 characters2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048537 - Exposed route host to image registry? connecting successfully to invalid registry ?xyz.com? 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2055658 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migrationgets Failed/Succeeded with warnings 2056962 - [MTC UI] UI shows the wrong migration type info after changing the target namespace 2058172 - [MTC UI] Successful Rollback is not showing the green success icon in the ?Last State? field. 2058529 - [MTC UI] Migrations Plan is missing the type for the state migration performed before upgrade 2061335 - [MTC UI] ?Update cluster? button is not getting disabled 2062266 - MTC UI does not display logs properly [OADP-BL] 2062862 - [MTC UI] Clusters page behaving unexpectedly on deleting the remote cluster?s service account secret from backend 2074675 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x 2076593 - Velero pod log missing from UI drop down 2076599 - Velero pod log missing from downloaded logs folder [OADP-BL] 2078459 - [MTC UI] Storageclass conversion plan is adding migstorage reference in migplan 2079252 - [MTC] Rsync options logs not visible in log-reader pod 2082221 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [UI] 2082225 - non-numeric user when launching stage pods [OADP-BL] 2088022 - Default CPU requests on Velero/Restic are too demanding making scheduling fail in certain environments 2088026 - Cloud propagation phase in migration controller is not doing anything due to missing labels on Velero pods 2089126 - [MTC] Migration controller cannot find Velero Pod because of wrong labels 2089411 - [MTC] Log reader pod is missing velero and restic pod logs [OADP-BL] 2089859 - [Crane] DPA CR is missing the required flag - Migration is getting failed at the EnsureCloudSecretPropagated phase due to the missing secret VolumeMounts 2090317 - [MTC] mig-operator failed to create a DPA CR due to null values are passed instead of int [OADP-BL] 2096939 - Fix legacy operator.yml inconsistencies and errors2100486 - [MTC UI] Target storage class field is not getting respected when clusters don't have replication repo configured. 5.References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2020-0404 https://access.redhat.com/security/cve/CVE-2020-4788 https://access.redhat.com/security/cve/CVE-2020-13974 https://access.redhat.com/security/cve/CVE-2020-19131 https://access.redhat.com/security/cve/CVE-2020-27820 https://access.redhat.com/security/cve/CVE-2020-35492 https://access.redhat.com/security/cve/CVE-2021-0941 https://access.redhat.com/security/cve/CVE-2021-3612 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3669 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-3743 https://access.redhat.com/security/cve/CVE-2021-3744 https://access.redhat.com/security/cve/CVE-2021-3752 https://access.redhat.com/security/cve/CVE-2021-3759 https://access.redhat.com/security/cve/CVE-2021-3764 https://access.redhat.com/security/cve/CVE-2021-3772 https://access.redhat.com/security/cve/CVE-2021-3773 https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-4002 https://access.redhat.com/security/cve/CVE-2021-4037 https://access.redhat.com/security/cve/CVE-2021-4083 https://access.redhat.com/security/cve/CVE-2021-4157 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-4197 https://access.redhat.com/security/cve/CVE-2021-4203 https://access.redhat.com/security/cve/CVE-2021-20322 https://access.redhat.com/security/cve/CVE-2021-21781 https://access.redhat.com/security/cve/CVE-2021-26401 https://access.redhat.com/security/cve/CVE-2021-29154 https://access.redhat.com/security/cve/CVE-2021-37159 https://access.redhat.com/security/cve/CVE-2021-41617 https://access.redhat.com/security/cve/CVE-2021-41864 https://access.redhat.com/security/cve/CVE-2021-42739 https://access.redhat.com/security/cve/CVE-2021-43056 https://access.redhat.com/security/cve/CVE-2021-43389 https://access.redhat.com/security/cve/CVE-2021-43976 https://access.redhat.com/security/cve/CVE-2021-44733 https://access.redhat.com/security/cve/CVE-2021-45485 https://access.redhat.com/security/cve/CVE-2021-45486 https://access.redhat.com/security/cve/CVE-2022-0001 https://access.redhat.com/security/cve/CVE-2022-0002 https://access.redhat.com/security/cve/CVE-2022-0235 https://access.redhat.com/security/cve/CVE-2022-0286 https://access.redhat.com/security/cve/CVE-2022-0322 https://access.redhat.com/security/cve/CVE-2022-0536 https://access.redhat.com/security/cve/CVE-2022-1011 https://access.redhat.com/security/cve/CVE-2022-1154 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/cve/CVE-2022-23852 https://access.redhat.com/security/cve/CVE-2022-26691 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYr7qBNzjgjWX9erEAQgugw//ZP+OR2wysl+DmxNE9P5ri+kd/NBxdBKg C6vlBpczeXUvPLEFp03wuoBoagTRfib6xjrKdc8+joCQv6UFYcO1kjqZqgcZgBeu xJ6y7IzygYwK+nIoN3MP9YTYrejkwe7iaQnC3vLt3SIdg+u5s4N5kht4JPcnyRtY ERa6u3OBoJ9C62y+jeQct+lziaARoldGeRtXzA70PP7WJ9N0cEvlk3AkOHsxfhZS YXKPR+v94VlzU+egp97boMXZnvjvB/pGJLLtbPQtFsWIOMMzZ9iNHv2GsxQdsTyV 0GO1PlI7vRleqiYig1pHCjCuqJ4LUxWSis1AX3GYNRnqNC4RvYh8JBx82pKAR/eI jhFC/r0A0AGzmpjHgY2S+2nz+P/O93aKr+RFfW+T+LVwAt854a0KPzZyMNWx1NPV ccRq5kcphGCNMphRm0jqK2P1/urzIEVhCN4QgsJjqiEN+JGP4c2URdlcUXHOI6td cR7jZfNb4T/sPg64h9fzip/FRoZNV3kYE8jjUd/pmFv7iJvAwuPij0H/dZsix4Zr vboj+aDdTzuWU6pXLq0Z9xjlhh2Um172HsTimBxO6l5oXrzpVKvxFgi3dp56F2ql 6mkKuEr9gDWAxCkKBXsy5UQPNny7vxWc2cVGucevOYfF51zd/7cf1UDobG6scH2r wqRrUS7nR3w=nCFJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 01, 2022
Red Hat
98
security advisorymoderateRed HatRed Hat: RHSA-2022:4814-01 Moderate: Migration Toolkit for Containers
The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update Advisory ID: RHSA-2022:4814-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2022:4814 Issue date: 2022-05-31 CVE Names: CVE-2018-25032 CVE-2020-0404 CVE-2020-4788 CVE-2020-13974 CVE-2020-19131 CVE-2020-27820 CVE-2020-35492 CVE-2021-0941 CVE-2021-3612 CVE-2021-3634 CVE-2021-3669 CVE-2021-3737 CVE-2021-3743 CVE-2021-3744 CVE-2021-3752 CVE-2021-3759 CVE-2021-3764 CVE-2021-3772 CVE-2021-3773 CVE-2021-3807 CVE-2021-4002 CVE-2021-4037 CVE-2021-4083 CVE-2021-4157 CVE-2021-4189 CVE-2021-4197 CVE-2021-4203 CVE-2021-20322 CVE-2021-21781 CVE-2021-26401 CVE-2021-29154 CVE-2021-37159 CVE-2021-39293 CVE-2021-41617 CVE-2021-41864 CVE-2021-42739 CVE-2021-43056 CVE-2021-43389 CVE-2021-43976 CVE-2021-44733 CVE-2021-45485 CVE-2021-45486 CVE-2022-0001 CVE-2022-0002 CVE-2022-0286 CVE-2022-0322 CVE-2022-1011 CVE-2022-1154 CVE-2022-1271 ==================================================================== 1. Summary: The Migration Toolkit for Containers (MTC) 1.6.5 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common VulnerabilityScoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to install and use MTC, refer to: https://docs.redhat.com/en/documentation/openshift_container_platform/4.17/html/migration_toolkit_for_containers/installing-mtc 4. Bugs fixed (https://bugzilla.redhat.com/): 2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196) 2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes 2057579 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings 2072311 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x 2074044 - [MTC] Rsync pods are not running as privileged 2074553 - Upstream Hook Runner image requires arguments be in a different order 5.References: https://access.redhat.com/security/cve/CVE-2018-25032 https://access.redhat.com/security/cve/CVE-2020-0404 https://access.redhat.com/security/cve/CVE-2020-4788 https://access.redhat.com/security/cve/CVE-2020-13974 https://access.redhat.com/security/cve/CVE-2020-19131 https://access.redhat.com/security/cve/CVE-2020-27820 https://access.redhat.com/security/cve/CVE-2020-35492 https://access.redhat.com/security/cve/CVE-2021-0941 https://access.redhat.com/security/cve/CVE-2021-3612 https://access.redhat.com/security/cve/CVE-2021-3634 https://access.redhat.com/security/cve/CVE-2021-3669 https://access.redhat.com/security/cve/CVE-2021-3737 https://access.redhat.com/security/cve/CVE-2021-3743 https://access.redhat.com/security/cve/CVE-2021-3744 https://access.redhat.com/security/cve/CVE-2021-3752 https://access.redhat.com/security/cve/CVE-2021-3759 https://access.redhat.com/security/cve/CVE-2021-3764 https://access.redhat.com/security/cve/CVE-2021-3772 https://access.redhat.com/security/cve/CVE-2021-3773 https://access.redhat.com/security/cve/CVE-2021-3807 https://access.redhat.com/security/cve/CVE-2021-4002 https://access.redhat.com/security/cve/CVE-2021-4037 https://access.redhat.com/security/cve/CVE-2021-4083 https://access.redhat.com/security/cve/CVE-2021-4157 https://access.redhat.com/security/cve/CVE-2021-4189 https://access.redhat.com/security/cve/CVE-2021-4197 https://access.redhat.com/security/cve/CVE-2021-4203 https://access.redhat.com/security/cve/CVE-2021-20322 https://access.redhat.com/security/cve/CVE-2021-21781 https://access.redhat.com/security/cve/CVE-2021-26401 https://access.redhat.com/security/cve/CVE-2021-29154 https://access.redhat.com/security/cve/CVE-2021-37159 https://access.redhat.com/security/cve/CVE-2021-39293 https://access.redhat.com/security/cve/CVE-2021-41617 https://access.redhat.com/security/cve/CVE-2021-41864 https://access.redhat.com/security/cve/CVE-2021-42739 https://access.redhat.com/security/cve/CVE-2021-43056 https://access.redhat.com/security/cve/CVE-2021-43389 https://access.redhat.com/security/cve/CVE-2021-43976 https://access.redhat.com/security/cve/CVE-2021-44733 https://access.redhat.com/security/cve/CVE-2021-45485 https://access.redhat.com/security/cve/CVE-2021-45486 https://access.redhat.com/security/cve/CVE-2022-0001 https://access.redhat.com/security/cve/CVE-2022-0002 https://access.redhat.com/security/cve/CVE-2022-0286 https://access.redhat.com/security/cve/CVE-2022-0322 https://access.redhat.com/security/cve/CVE-2022-1011 https://access.redhat.com/security/cve/CVE-2022-1154 https://access.redhat.com/security/cve/CVE-2022-1271 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYpYjbtzjgjWX9erEAQhT7g//Z2L9uO6nxiL9MntYac7CrNFsZzo5nfqN qLiF1fkpIZ09tEQWGsfd2lEzsAAtyYOhhmCxeNkNjYkFkVO9Qs/p1VAAaFMBi3DE GuiULePVslmn2GDiujvlIPUcej9OT1oUWitZUrOIqapRCMUs7k1KK1FFMJiRp53b iC59lyHTH8Mbjbj0OWj+KlQCIJ3ejy/gzwGp9BXl15DUOhTpBefIVFob+xb0CMY8 +i0m/beinJ5LpkzgKpyr4pvxoeKmTtJmc10pqCj1BqrxgZwVAXx4x8J1vhUGJ5MJ i4Eej2XQVFv7Bs24CMdGFlXvMZR+FV2R6IxWpremV6DAfDYzvSRwY5A3CKJGcsNX 7n9d8X4yDIT84rmsdwBkcoD60OO0ijipRbVmSvBEbsnWLmHaYxnMme3gz3NJW9+2 z1/4aX/9tswJCBDUuh4sL3EgYX0OMxoRN/MKCNcWykmMcLBNYKXuIVnqlz4M/vxD LbGZXlbbQZ27XvbYcLjXta0jUguzFna/OVUzM0HIHn+/WFEQqe9JX2lggiotIvb/ NtDrYOjcceVICo4QI+E32yk7Jn8Ai+mNgdepv2GwTcQy/CEA2Gy/HXSOMzolEWkJ jhymgnci5w4pvAekigvRMgehqqIUPY+qqlL0PRJB93l5g1sm/gPAcJscZ+SEIqWQ hx/bwWtTMqg=L0aQ -----END PGP SIGNATURE----- -- RHSA-announce mailing list
May 31, 2022
Red Hat
98
security advisorymoderatesecurity updateRedHat RHSA-2022-0202-04 Moderate: Migration Toolkit for Containers
The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update Advisory ID: RHSA-2022:0202-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2022:0202 Issue date: 2022-01-20 CVE Names: CVE-2016-4658 CVE-2018-5727 CVE-2018-5785 CVE-2018-20845 CVE-2018-20847 CVE-2018-25009 CVE-2018-25010 CVE-2018-25012 CVE-2018-25013 CVE-2018-25014 CVE-2019-5827 CVE-2019-12973 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-10001 CVE-2020-12762 CVE-2020-13435 CVE-2020-13558 CVE-2020-14145 CVE-2020-14155 CVE-2020-15389 CVE-2020-16135 CVE-2020-17541 CVE-2020-18032 CVE-2020-24370 CVE-2020-24870 CVE-2020-27814 CVE-2020-27823 CVE-2020-27824 CVE-2020-27828 CVE-2020-27842 CVE-2020-27843 CVE-2020-27845 CVE-2020-27918 CVE-2020-29623 CVE-2020-35521 CVE-2020-35522 CVE-2020-35523 CVE-2020-35524 CVE-2020-36241 CVE-2020-36330 CVE-2020-36331 CVE-2020-36332 CVE-2021-1765 CVE-2021-1788 CVE-2021-1789 CVE-2021-1799 CVE-2021-1801 CVE-2021-1844 CVE-2021-1870 CVE-2021-1871 CVE-2021-3200 CVE-2021-3272 CVE-2021-3426 CVE-2021-3445 CVE-2021-3481 CVE-2021-3572 CVE-2021-3575 CVE-2021-3580 CVE-2021-3712 CVE-2021-3733 CVE-2021-3778 CVE-2021-3796 CVE-2021-3800 CVE-2021-3948 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-20271 CVE-2021-20321 CVE-2021-21775 CVE-2021-21779 CVE-2021-21806 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-26926 CVE-2021-26927 CVE-2021-27645 CVE-2021-28153 CVE-2021-28650 CVE-2021-29338 CVE-2021-30663 CVE-2021-30665 CVE-2021-30682 CVE-2021-30689 CVE-2021-30720 CVE-2021-30734 CVE-2021-30744 CVE-2021-30749 CVE-2021-30758 CVE-2021-30795 CVE-2021-30797 CVE-2021-30799 CVE-2021-31535 CVE-2021-33560 CVE-2021-33574 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-37750 CVE-2021-41617 CVE-2021-42574 CVE-2021-43527 ==================================================================== 1. Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948) Formore details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to install and use MTC, refer to: https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/migration_toolkit_for_containers/installing-mtc 4. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5.References: https://access.redhat.com/security/cve/CVE-2016-4658 https://access.redhat.com/security/cve/CVE-2018-5727 https://access.redhat.com/security/cve/CVE-2018-5785 https://access.redhat.com/security/cve/CVE-2018-20845 https://access.redhat.com/security/cve/CVE-2018-20847 https://access.redhat.com/security/cve/CVE-2018-25009 https://access.redhat.com/security/cve/CVE-2018-25010 https://access.redhat.com/security/cve/CVE-2018-25012 https://access.redhat.com/security/cve/CVE-2018-25013 https://access.redhat.com/security/cve/CVE-2018-25014 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-12973 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-10001 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-13558 https://access.redhat.com/security/cve/CVE-2020-14145 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-15389 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-17541 https://access.redhat.com/security/cve/CVE-2020-18032 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2020-24870 https://access.redhat.com/security/cve/CVE-2020-27814 https://access.redhat.com/security/cve/CVE-2020-27823 https://access.redhat.com/security/cve/CVE-2020-27824 https://access.redhat.com/security/cve/CVE-2020-27828 https://access.redhat.com/security/cve/CVE-2020-27842 https://access.redhat.com/security/cve/CVE-2020-27843 https://access.redhat.com/security/cve/CVE-2020-27845 https://access.redhat.com/security/cve/CVE-2020-27918 https://access.redhat.com/security/cve/CVE-2020-29623 https://access.redhat.com/security/cve/CVE-2020-35521 https://access.redhat.com/security/cve/CVE-2020-35522 https://access.redhat.com/security/cve/CVE-2020-35523 https://access.redhat.com/security/cve/CVE-2020-35524 https://access.redhat.com/security/cve/CVE-2020-36241 https://access.redhat.com/security/cve/CVE-2020-36330 https://access.redhat.com/security/cve/CVE-2020-36331 https://access.redhat.com/security/cve/CVE-2020-36332 https://access.redhat.com/security/cve/CVE-2021-1765 https://access.redhat.com/security/cve/CVE-2021-1788 https://access.redhat.com/security/cve/CVE-2021-1789 https://access.redhat.com/security/cve/CVE-2021-1799 https://access.redhat.com/security/cve/CVE-2021-1801 https://access.redhat.com/security/cve/CVE-2021-1844 https://access.redhat.com/security/cve/CVE-2021-1870 https://access.redhat.com/security/cve/CVE-2021-1871 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3272 https://access.redhat.com/security/cve/CVE-2021-3426 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3481 https://access.redhat.com/security/cve/CVE-2021-3572 https://access.redhat.com/security/cve/CVE-2021-3575 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3778 https://access.redhat.com/security/cve/CVE-2021-3796 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3948 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/cve/CVE-2021-20321 https://access.redhat.com/security/cve/CVE-2021-21775 https://access.redhat.com/security/cve/CVE-2021-21779 https://access.redhat.com/security/cve/CVE-2021-21806 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-26926 https://access.redhat.com/security/cve/CVE-2021-26927 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-28650 https://access.redhat.com/security/cve/CVE-2021-29338 https://access.redhat.com/security/cve/CVE-2021-30663 https://access.redhat.com/security/cve/CVE-2021-30665 https://access.redhat.com/security/cve/CVE-2021-30682 https://access.redhat.com/security/cve/CVE-2021-30689 https://access.redhat.com/security/cve/CVE-2021-30720 https://access.redhat.com/security/cve/CVE-2021-30734 https://access.redhat.com/security/cve/CVE-2021-30744 https://access.redhat.com/security/cve/CVE-2021-30749 https://access.redhat.com/security/cve/CVE-2021-30758 https://access.redhat.com/security/cve/CVE-2021-30795 https://access.redhat.com/security/cve/CVE-2021-30797 https://access.redhat.com/security/cve/CVE-2021-30799 https://access.redhat.com/security/cve/CVE-2021-31535 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-41617 https://access.redhat.com/security/cve/CVE-2021-42574 https://access.redhat.com/security/cve/CVE-2021-43527 https://access.redhat.com/security/updates/classification#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYelE49zjgjWX9erEAQjSRRAApKO30btZGnyA5feQQvEWah03Rb0Fdq4Z lZrWNkwHcj42c3dvonp8WHc6ROQoXRr9myr+EXyji3/lKDPWes4HQ0u70WM2v2RE qLqCnv6fT0/kJ0/liAsVlzyBsjBzf19Q8KT2cN/GslvfaFEPg3AqtEXVx51glDfB D9c3BSCdA5OBzmVW/7Em18Gtg197tl1lhfRZrd0xOmJm9uiZcbgAr77FCgYel9OS pjcemaheHSJ48dhp+r1D7FSRhCo7/OBcB/DM1jAqWKiT6LmiBE4zJ3HtepCMVDKJ SUDpn2vW29jQBhb+pTI8lSyPO0u2qqsF5qMnIYfCj2tigaW5AdevVZvBftd1d+9j AGdcOaPyKzqrp3sq2/oCe1o1KqUGMFXOAEbITK+7KagACKbA9UoF9VHgALZFzUMm iNXoQh/zpWwSWkp4YWukz2nTqcgJEL40w6loShfU5jKSDcz9J5jekYWTPTVAZrOm 4fxUhijdK+sqQEifhtPfSoxm1JSIScGcSry4qwbfJ87RJInYbINMjci/CwMaYDDu D/oowaQZdpWT8X080arwo7utlnczQ/d9nzEWvpPSkUXELBfOdyQy4X2j/L+n2Tt5 8H3Gpjj/VksCUzwv5aVtRCcgI+mJnVpET0MRMS+HMf1o8T8yetJTYunwWEyKNYJv kUeopBhYilY=1CZl -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jan 20, 2022
•Important
Red Hat
98
security advisoryRed Hatsecurity fixRed Hat: RHSA-2021-4848-01 Moderate: MTC 1.5.2 Security Issues
The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.5.2 security update and bugfix advisory Advisory ID: RHSA-2021:4848-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2021:4848 Issue date: 2021-11-29 CVE Names: CVE-2018-20673 CVE-2019-5827 CVE-2019-13750 CVE-2019-13751 CVE-2019-17594 CVE-2019-17595 CVE-2019-18218 CVE-2019-19603 CVE-2019-20838 CVE-2020-12762 CVE-2020-13435 CVE-2020-14145 CVE-2020-14155 CVE-2020-16135 CVE-2020-24370 CVE-2021-3200 CVE-2021-3445 CVE-2021-3580 CVE-2021-3620 CVE-2021-3733 CVE-2021-3757 CVE-2021-3778 CVE-2021-3796 CVE-2021-3800 CVE-2021-3948 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-22876 CVE-2021-22898 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-23840 CVE-2021-23841 CVE-2021-27218 CVE-2021-27645 CVE-2021-28153 CVE-2021-33560 CVE-2021-33574 CVE-2021-33928 CVE-2021-33929 CVE-2021-33930 CVE-2021-33938 CVE-2021-35942 CVE-2021-36084 CVE-2021-36085 CVE-2021-36086 CVE-2021-36087 CVE-2021-36222 CVE-2021-37750 ==================================================================== 1. Summary: The Migration Toolkit for Containers (MTC) 1.5.2 is now available. Red Hat Product Security has rated this update ashaving a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es): * nodejs-immer: prototype pollution may lead to DoS or remote code execution (CVE-2021-3757) * mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to install and use MTC, refer to: https://docs.redhat.com/en/documentation/openshift_container_platform/4.14/html/migration_toolkit_for_containers/installing-mtc 4. Bugs fixed (https://bugzilla.redhat.com/): 2000734 - CVE-2021-3757 nodejs-immer: prototype pollution may lead to DoS or remote code execution 2005438 - Combining Rsync and Stunnel in a single pod can degrade performance (1.5 backport) 2006842 - MigCluster CR remains in "unready" state and source registry is inaccessible after temporary shutdown of source cluster 2007429 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 5.References: https://access.redhat.com/security/cve/CVE-2018-20673 https://access.redhat.com/security/cve/CVE-2019-5827 https://access.redhat.com/security/cve/CVE-2019-13750 https://access.redhat.com/security/cve/CVE-2019-13751 https://access.redhat.com/security/cve/CVE-2019-17594 https://access.redhat.com/security/cve/CVE-2019-17595 https://access.redhat.com/security/cve/CVE-2019-18218 https://access.redhat.com/security/cve/CVE-2019-19603 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-12762 https://access.redhat.com/security/cve/CVE-2020-13435 https://access.redhat.com/security/cve/CVE-2020-14145 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-16135 https://access.redhat.com/security/cve/CVE-2020-24370 https://access.redhat.com/security/cve/CVE-2021-3200 https://access.redhat.com/security/cve/CVE-2021-3445 https://access.redhat.com/security/cve/CVE-2021-3580 https://access.redhat.com/security/cve/CVE-2021-3620 https://access.redhat.com/security/cve/CVE-2021-3733 https://access.redhat.com/security/cve/CVE-2021-3757 https://access.redhat.com/security/cve/CVE-2021-3778 https://access.redhat.com/security/cve/CVE-2021-3796 https://access.redhat.com/security/cve/CVE-2021-3800 https://access.redhat.com/security/cve/CVE-2021-3948 https://access.redhat.com/security/cve/CVE-2021-20231 https://access.redhat.com/security/cve/CVE-2021-20232 https://access.redhat.com/security/cve/CVE-2021-20266 https://access.redhat.com/security/cve/CVE-2021-22876 https://access.redhat.com/security/cve/CVE-2021-22898 https://access.redhat.com/security/cve/CVE-2021-22925 https://access.redhat.com/security/cve/CVE-2021-22946 https://access.redhat.com/security/cve/CVE-2021-22947 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-27645 https://access.redhat.com/security/cve/CVE-2021-28153 https://access.redhat.com/security/cve/CVE-2021-33560 https://access.redhat.com/security/cve/CVE-2021-33574 https://access.redhat.com/security/cve/CVE-2021-33928 https://access.redhat.com/security/cve/CVE-2021-33929 https://access.redhat.com/security/cve/CVE-2021-33930 https://access.redhat.com/security/cve/CVE-2021-33938 https://access.redhat.com/security/cve/CVE-2021-35942 https://access.redhat.com/security/cve/CVE-2021-36084 https://access.redhat.com/security/cve/CVE-2021-36085 https://access.redhat.com/security/cve/CVE-2021-36086 https://access.redhat.com/security/cve/CVE-2021-36087 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYaU7CNzjgjWX9erEAQi5qxAAi3QQYaLAZJEIsb+WHT9YHKG3jMM6xLtl 2TpkFYEcW+sCSi7MfKUnjpuXgZtu23cM5QHPWcEd0WhvPNtPX9Z7PqKlixPoPRvv 36cH/uIGluB8h9U4NUdvYuuv/z748mpLKRI/8tRyEe4bFiL/lwn9T9OqvK296KEU Ua6SwzLUyDgwqpICh2fopfebTF80BnjhAs1t1R9eWEQrq28FxZUEBsAtla4hAR3p 89hXXYgg/b7HjBz5XJBVKgUIhs2zYTy/9R1D/FClLyu+ZkZfNspZGMQ1PpdV8nUs /g/u4KrR0tgYs9M5UQVHPHl5FiCf+9yeNt91biCxoidWp5qH6M+fGQ2EPOoATCBv yTau8U82gjxnRrSEn5Tp+r8i7Ra7k6GJ0n3Vt3x5LFIVTzZgsHAQKzhYnMiQmrgQ qZLLIvJ3BY9jTtMp2MXh4tNiuMk8kWOHzKvw10M93HaUSaSBEW19mljxnpvtbn8F 6XFCGHp7VtVwd8SYW1Epqiyex1NkXE/D/7G5L1rfi+x1LAAHEGrGMFMKijnuaWCA TfHt/Jklzuy7S23cnBQsxOVCtmav54nOWikhNyEMJ3q8Nd5ddXzhoZqWiVZJ2Vyu R4MUojb+mhzX3nG1+9Qd5AzTLs/SctmVd1gMtiv8LE0fsKisNT/LYreZ/7FFypNW vLrDSONMTWU=E7ia -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Nov 29, 2021
Red Hat
98
security advisorymoderatedenial of serviceRed Hat 1.6.0 Moderate: Migration Toolkit For Containers Security Update
The Migration Toolkit for Containers (MTC) 1.6.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.6.0 security & bugfix update Advisory ID: RHSA-2021:3694-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2021:3694 Issue date: 2021-09-29 CVE Names: CVE-2021-3749 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-36222 CVE-2021-37576 CVE-2021-37750 CVE-2021-38201 ==================================================================== 1. Summary: The Migration Toolkit for Containers (MTC) 1.6.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security fixes: * nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to install and use MTC, refer to: tainers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1878824 - Webconsole is not accessible when deployed on OpenShift cluster on IBM Cloud 1887526 - "Stage" pods fail when migrating from classic OpenShift source cluster on IBM Cloud with block storage 1899562 - MigMigration custom resource does not display an error message when a migration fails because of volume mount error 1936886 - Service account token of existing remote cluster cannot be updated by using the web console 1936894 - "Ready" status of MigHook and MigPlan custom resources is not synchronized automatically 1949117 - "Migration plan resources" page displays a permanent error message when a migration plan is deleted from the backend 1951869 - MigPlan custom resource does not detect invalid source cluster reference 1968621 - Paused deployment config causes a migration to hang 1970338 - Parallel migrations fail because the initial backup is missing 1974737 - Migration plan name length in the "Migration plan" wizard is not validated 1975369 - "Debug view" link text on "Migration plans" page can be improved 1975372 - Destination namespace in MigPlan custom resource is not validated 1976895 - Namespace mapping cannot be changed using the Migration Plan wizard 1981810 - "Excluded" resources are not excluded from the migration 1982026 - Direct image migration fails if the source URI contains a double slash ("//") 1994985 - Web console crashes when a MigPlan custom resource is created with an empty namespaces list 1996169 - When "None" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used 1996627 - MigPlan custom resource displays a "PvUsageAnalysisFailed" warning after a successful PVC migration 1996784 - "Migration resources" tree on the "Migration details" page is not displayed 1996902 - "Select all" checkbox on the "Namespaces" page of the "Migration plan" wizard remains selected after a namespace is unselected 1996904 - "Migration" dialogs on the "Migration plans" page display inconsistent capitalization 1996906 - "Migration details" page link isdisplayed for a migration plan with no associated migrations 1996938 - Search function on "Migration plans" page displays no results 1997051 - Indirect migration from MTC 1.5.1 to 1.6.0 fails during "StageBackup" phase 1997127 - Direct volume migration "retry" feature does not work correctly after a network failure 1997173 - Migration of custom resource definitions to OpenShift Container Platform 4.9 fails because of API version incompatibility 1997180 - "migration-log-reader" pod does not log invalid Rsync options 1997665 - Selected PVCs in the "State migration" dialog are reset because of background polling 1997694 - "Update operator" link on the "Clusters" page is incorrect 1997827 - "Migration plan" wizard displays PVC names incorrectly formatted after running state migration 1998062 - Rsync pod uses upstream image 1998283 - "Migration step details" link on the "Migrations" page does not work 1998550 - "Migration plan" wizard does not support certain screen resolutions 1998581 - "Migration details" link on "Migration plans" page displays "latestIsFailed" error 1999113 - "oc describe" and "oc log" commands on "Migration resources" tree cannot be copied after failed migration 1999381 - MigPlan custom resource displays "Stage completed with warnings" status after successful migration 1999528 - Position of the "Add migration plan" button is different from the other "Add" buttons 1999765 - "Migrate" button on "State migration" dialog is enabled when no PVCs are selected 1999784 - CVE-2021-3749 nodejs-axios: Regular expression denial of service in trim function 2000205 - "Options" menu on the "Migration details" page displays incorrect items 2000218 - Validation incorrectly blocks namespace mapping if a source cluster namespace is the same as the destination namespace 2000243 - "Migration plan" wizard does not allow a migration within the same cluster 2000644 - Invalid migration plan causes "controller" pod to crash 2000875 - State migration status on "Migrations" page displays "Stage succeeded" message 2000979 -"clusterIPs" parameter of "service" object can cause Velero errors2001089 - Direct volume migration fails because of missing CA path configuration 2001173 - Migration plan requires two clusters2001786 - Migration fails during "Stage Backup" step because volume path on host not found 2001829 - Migration does not complete when the namespace contains a cron job with a PVC 2001941 - Fixing PVC conflicts in state migration plan using the web console causes the migration to run twice 2002420 - "Stage" pod not created for completed application pod, causing the "mig-controller" to stall 2002608 - Migration of unmounted PVC fails during "StageBackup" phase 2002897 - Rollback migration does not complete when the namespace contains a cron job 2003603 - "View logs" dialog displays the "--selector" option, which does not print all logs 2004601 - Migration plan status on "Migration plans" page is "Ready" after migration completed with warnings 2004923 - Web console displays "New operator version available" notification for incorrect operator 2005143 - Combining Rsync and Stunnel in a single pod can degrade performance 2006316 - Web console cannot create migration plan in a proxy environment 2007175 - Web console cannot be launched in a proxy environment 5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects): MIG-785 - Search for "Crane" in the Operator Hub should display the Migration Toolkit for Containers 6. References: https://access.redhat.com/security/cve/CVE-2021-3749 https://access.redhat.com/security/cve/CVE-2021-22922 https://access.redhat.com/security/cve/CVE-2021-22923 https://access.redhat.com/security/cve/CVE-2021-22924 https://access.redhat.com/security/cve/CVE-2021-36222 https://access.redhat.com/security/cve/CVE-2021-37576 https://access.redhat.com/security/cve/CVE-2021-37750 https://access.redhat.com/security/cve/CVE-2021-38201 https://access.redhat.com/security/updates/classification#moderate 7. Contact: The Red Hat security contact is . More contact details athttps://access.redhat.com/security/team/contact Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYVR6S9zjgjWX9erEAQi/IA//dibbtB8S9jJNYE0BubOEXKOsDzAvcl1+ M328ShvUYB2/PuAwayXMbic6Cp3mN1vI9hqkV+HBLzpPD20f0j+4mrLBanKyTinR /UwQEoTX9JemhrHGdqDl47hLbTIWQkX39LGO99UYjqOfYSd3nb5KHE+SZI/xBFST esmFnfyWOSjdwt7RmOjPWkWoGN8WIm3VvzhyhZU2tuis33Pl5gGBoniDBs6Za+Qg 21E3Da7aK205WSMgmUdkX2R2neZG/xto9Kb3xDDk0yBXvprUz6WcqL4OUAS1IoTk naMS4BKxR1NmfKj1hPlinCQ1N4UWIGdaMfiUAwz3oR7FSubmoKCixrQTQqeRy/qB MSf1cvrwiNCdUR7lI4NNEZ9SMDO/ItD7CbjzkRGXTRWkm03BnxIFxFZFEk0aBh7p drFksMF5by1nzA10X2D1Q014MHcNnEWlr6pk5qJ029l0j+dqS/ebacOipmlslBR2 9MgIIFc5w2y+Va3sHuVwxfIhFyU9scVzO5J/7XIubvIF1UpvLrOxgCrPPqUrjpo/ ZMRm5jMj+QWbL2IfUzwPjujkLesaOt/zuOGnXioVfS2AOdd/+S6mhspyTUCcBLFM xMqBWYzjFlYF7HCAztMBmQP6mocEthLL8bD39QHFeBKJ/1zRcP9GzJ1qqDfp1i/j Afm7wBmuFk0=NYhu -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Sep 29, 2021
•Important
Red Hat
98
security advisorymoderateupdateRed Hat Migration Toolkit 1.5.1 Moderate: RHSA-2021-3361-01 Update
An update is now available for the Migration Toolkit for Containers (MTC) 1.5.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.5.1 security and bug fix update Advisory ID: RHSA-2021:3361-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2021:3361 Issue date: 2021-08-31 CVE Names: CVE-2021-3114 CVE-2021-3121 CVE-2021-3516 CVE-2021-3517 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-3609 CVE-2021-3636 CVE-2021-20271 CVE-2021-21419 CVE-2021-21623 CVE-2021-21639 CVE-2021-21640 CVE-2021-21648 CVE-2021-22543 CVE-2021-22555 CVE-2021-22918 CVE-2021-25735 CVE-2021-25737 CVE-2021-27218 CVE-2021-33195 CVE-2021-33196 CVE-2021-33197 CVE-2021-33198 CVE-2021-34558 ==================================================================== 1. Summary: An update is now available for the Migration Toolkit for Containers (MTC) 1.5.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security fixes: * golang: net: lookup functions may return invalid host names (CVE-2021-33195) *golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: For details on how to install and use MTC, refer to: tainers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1965503 - CVE-2021-33196 golang: archive/zip: malformed archive may cause panic or memory exhaustion 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1996125 - When "None" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used 5.References: https://access.redhat.com/security/cve/CVE-2021-3114 https://access.redhat.com/security/cve/CVE-2021-3121 https://access.redhat.com/security/cve/CVE-2021-3516 https://access.redhat.com/security/cve/CVE-2021-3517 https://access.redhat.com/security/cve/CVE-2021-3518 https://access.redhat.com/security/cve/CVE-2021-3520 https://access.redhat.com/security/cve/CVE-2021-3537 https://access.redhat.com/security/cve/CVE-2021-3541 https://access.redhat.com/security/cve/CVE-2021-3609 https://access.redhat.com/security/cve/CVE-2021-3636 https://access.redhat.com/security/cve/CVE-2021-20271 https://access.redhat.com/security/cve/CVE-2021-21419 https://access.redhat.com/security/cve/CVE-2021-21623 https://access.redhat.com/security/cve/CVE-2021-21639 https://access.redhat.com/security/cve/CVE-2021-21640 https://access.redhat.com/security/cve/CVE-2021-21648 https://access.redhat.com/security/cve/CVE-2021-22543 https://access.redhat.com/security/cve/CVE-2021-22555 https://access.redhat.com/security/cve/CVE-2021-22918 https://access.redhat.com/security/cve/CVE-2021-25735 https://access.redhat.com/security/cve/CVE-2021-25737 https://access.redhat.com/security/cve/CVE-2021-27218 https://access.redhat.com/security/cve/CVE-2021-33195 https://access.redhat.com/security/cve/CVE-2021-33196 https://access.redhat.com/security/cve/CVE-2021-33197 https://access.redhat.com/security/cve/CVE-2021-33198 https://access.redhat.com/security/cve/CVE-2021-34558 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPGv1 iQIVAwUBYS3kjtzjgjWX9erEAQgl5Q//an23DVsAMO6BG0gVH2sjX0xVXmHfQv3N 9IcJ5qlizvL+RY9GQ2fTL2OKg5mBfNIXsN+5R2O4Km2M+Y/XlBSsfKmC219/dAB6 Jswi0bBYdX/P/XmF3Cj7g3bHpgLfQT0V/rHezfE1lfCtpDkQp6kcyp0XT3uh+EgG TEgc1pIl+Gk0Em/qGBgx/4xysaPfm9L2CVCHiuBJRcWHagRbjUCB8f6IqQblrzcb fz/oz0/4oO5/ezBkerkuk9PH2qEQ3EakF+TLHgsNo1aDgt3iGJxfVSTqERXpuB8I c2FsN66UVm8ElZcft23YiKsEgTHhYoFDVQ6NX95SdvPN6U2soK7XAYHoBxCbw9b9 9Zh+fQDS7x/ZX03S8AB5ymrdSAY28e4Obe8EZTn8Jf1sED8Kk/wodEKt5t5Jh3Ae lDae94qHq2RdlRrRreRPr1CrIRf5IoqXQCKQoei/QCIZvsslIB6F1vDEgj9JRMI4 HPzrIqzB4PQhOd45vamAC+bkAMqdTCxK48M90CQSu7Gd9EEfzAbkYa5B3LGYWeOX NVg/gGJotQVR8KCVLDbC1zZ7TDsJ81R/p+m59JDePQl1I5y44Ti9lSmmELAmAy+l 5fAR7auEha8qJgpQUenXdvcF3DAnaBBgKMtcGJfzc7RZNtciHa3AzESIyPEL35Z3 MHQhvRoUNC4=Hvey -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Aug 31, 2021
Red Hat
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!