-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update
Advisory ID:       RHSA-2023:5447-01
Product:           Red Hat Migration Toolkit
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:5447
Issue date:        2023-10-05
CVE Names:         CVE-2023-0800 CVE-2023-0801 CVE-2023-0802
                   CVE-2023-0803 CVE-2023-0804 CVE-2023-2602
                   CVE-2023-2603 CVE-2023-3899 CVE-2023-4863
                   CVE-2023-5129 CVE-2023-26115 CVE-2023-27536
                   CVE-2023-28321 CVE-2023-28484 CVE-2023-29469
                   CVE-2023-29491 CVE-2023-30630 CVE-2023-32681
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.8.0 is now available.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes
resources, persistent volume data, and internal container images between
OpenShift Container Platform clusters, using the MTC web console or the
Kubernetes API.

Security Fix(es):

* word-wrap: ReDoS (CVE-2023-26115)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* MTC version is not displayed correctly in the UI (BZ#2233026)

* Indirect migration is stuck on backup stage (BZ#2233097)

* Migrated application unable to pull image from internal registry on target
cluster (BZ#2233103)

* PodVolumeRestore remain In Progress keeping the migration stuck at Stage
Restore (BZ#2233868)

* Migration failing on Azure due to authorization issue (BZ#2238974)

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2216827 - CVE-2023-26115 word-wrap: ReDoS
2233026 - MTC version is not displayed correctly in the UI
2233097 - Indirect migration is stuck on backup stage
2233103 - Migrated application unable to pull image from internal registry on target cluster
2233868 - PodVolumeRestore remain In Progress keeping the migration stuck at Stage Restore
2238974 - Migration failing on Azure due to authorization issue

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

MIG-1331 - MTC generates continued requests to Azure Storage API
MIG-1363 - Upgrade OADP dependency to latest version
MIG-1411 - mtc-operator specification is missing related image registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8

6. References:

https://access.redhat.com/security/cve/CVE-2023-0800
https://access.redhat.com/security/cve/CVE-2023-0801
https://access.redhat.com/security/cve/CVE-2023-0802
https://access.redhat.com/security/cve/CVE-2023-0803
https://access.redhat.com/security/cve/CVE-2023-0804
https://access.redhat.com/security/cve/CVE-2023-2602
https://access.redhat.com/security/cve/CVE-2023-2603
https://access.redhat.com/security/cve/CVE-2023-3899
https://access.redhat.com/security/cve/CVE-2023-4863
https://access.redhat.com/security/cve/CVE-2023-5129
https://access.redhat.com/security/cve/CVE-2023-26115
https://access.redhat.com/security/cve/CVE-2023-27536
https://access.redhat.com/security/cve/CVE-2023-28321
https://access.redhat.com/security/cve/CVE-2023-28484
https://access.redhat.com/security/cve/CVE-2023-29469
https://access.redhat.com/security/cve/CVE-2023-29491
https://access.redhat.com/security/cve/CVE-2023-30630
https://access.redhat.com/security/cve/CVE-2023-32681
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJlHi0GAAoJENzjgjWX9erEfC8P/2ANhg3OMCWj6UwzdfFFrSYe
l3W2up2XYeC1wBdrJHxZnqwZal65z+9XVoUliHEQeSqq3RE70Yi0l33DzyGSSchM
W86n4LrG77uNDtdpbFxJw3/VCaxLaBJJYafxnmgHmjAM71kQTCT8EwBuMF+tNi6j
NLIlxK2LU+w72nSqdXxp84mjkSJkmUf+NfD6x8sWhnrEc8ylAQDvhEAniVrbnWEP
i1Yy/9CAf4xyvtGrzU+vnL+Ec/i5dRv8bByOjmWpLhnmadZLGOxjW09Yok1vZtp2
ZjstfmZDZBWsaydS1PV6whMrtVUrwk3as/E5JJMH8b3cMjwsgFUKwjNCeI9xsbxw
rSQRTjvGqhDJgqZl7gIOLQMW/TaVSiBOWZ/Op1ffFt8BbhbQi3MCwaCN84/1RGaD
ovCfqkxjhlbi2JxOCJLZ/pP9jrMlsvCBmTeqhRI7II8uTdz3NEtC9KDVWBQqMWjR
eUg9uHD583sak/xiQVELKmgtdJBSeQokrKWmrC7exYlQMb1ZFBHibgEYfTl6zESt
9+LCzQ4opzhEcjaoSfHwiaD2qjpwk3NN3tWFY01I0xZ3nBXNbShigXzUtTMr4waF
vHVKyjJurZVkcwgBS8czrcCjwZKRtfE1zJapVyuAn6roGR6acxv9p2y5npzZVWQo
HfsLprN666qJ0q8C1j5b
=5w8O
-----END PGP SIGNATURE-----

-- 
RHSA-announce mailing list
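The advisories on this page all share the RHSA-announce plain-text layout (a header block between "=====" rules, then numbered sections). As an added example, not part of any advisory and not Red Hat tooling, the parser below turns one such message into structured fields: advisory ID, severity taken from the Synopsis, issue date, the header "CVE Names" block, the CVEs actually itemised under "Security Fix(es)", and the Bugzilla and Jira entries, including titles that wrap onto a second line. It then reports header CVEs that the description never itemises, which in RHSA-2023:5447 is 17 of the 18 listed; for container advisories those are normally fixes carried in the image's package layers rather than in the product's own code, and they still need to be triaged against the CVE pages. The regular expressions, field names and the SAMPLE text (a constructed, abbreviated copy of RHSA-2023:5447 in that layout) are this example's own assumptions.

```python
"""Parse an RHSA-announce advisory into structured fields (added example,
not Red Hat tooling). Assumes the layout used by the advisories above."""
import re
from dataclasses import dataclass, field

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
HEADER_RE = re.compile(r"^(Synopsis|Advisory ID|Product|Advisory URL|Issue date|CVE Names):\s*(.*)$")
SECTION_RE = re.compile(r"^\d+\.\s+([A-Za-z][A-Za-z ]*?)\s*[:(]")   # '4. Bugs fixed (...):'
BUG_RE = re.compile(r"^(\d{6,})\s+-\s+(.*)$")                        # '2216827 - title'
JIRA_RE = re.compile(r"^([A-Z][A-Z0-9]+-\d+)\s+-\s+(.*)$")            # 'MIG-1331 - title'


def _add_unique(dst, items):
    for item in items:
        if item not in dst:
            dst.append(item)


@dataclass
class Advisory:
    advisory_id: str = ""
    severity: str = ""
    issue_date: str = ""
    header_cves: list = field(default_factory=list)  # the 'CVE Names:' block
    fixed_cves: list = field(default_factory=list)   # CVEs named in the Description
    bugs: dict = field(default_factory=dict)         # Bugzilla id -> title
    jira: dict = field(default_factory=dict)         # Jira key -> title

    def unitemised_cves(self):
        """Header CVEs with no Security Fix(es) entry. In container advisories
        these are normally fixes carried in the image's package layers rather
        than in the product's own code (assumption); triage them per CVE page."""
        return sorted(set(self.header_cves) - set(self.fixed_cves))


def parse_advisory(text):
    adv = Advisory()
    section, key, last_id = "header", None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("===", "-----")):
            continue
        m = SECTION_RE.match(line)
        if m:                                        # new numbered section
            section, key, last_id = m.group(1).lower(), None, None
            continue
        if section == "header":
            h = HEADER_RE.match(line)
            if h:
                key, value = h.group(1), h.group(2)
            elif key == "CVE Names":                 # indented continuation line
                value = line
            else:
                continue
            if key == "Advisory ID":
                adv.advisory_id = value
            elif key == "Synopsis":                  # 'Important: <title>'
                adv.severity = value.split(":", 1)[0].strip()
            elif key == "Issue date":
                adv.issue_date = value
            elif key == "CVE Names":
                _add_unique(adv.header_cves, CVE_RE.findall(value))
        elif section == "description":
            _add_unique(adv.fixed_cves, CVE_RE.findall(line))
        elif section in ("bugs fixed", "jira issues fixed"):
            table, pattern = (adv.bugs, BUG_RE) if section == "bugs fixed" else (adv.jira, JIRA_RE)
            b = pattern.match(line)
            if b:
                last_id = b.group(1)
                table[last_id] = b.group(2)
            elif last_id:                            # title wrapped onto the next line
                table[last_id] += " " + line
    return adv


# Constructed sample: an abbreviated copy of RHSA-2023:5447 in the RHSA layout.
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update
Advisory ID:       RHSA-2023:5447-01
Issue date:        2023-10-05
CVE Names:         CVE-2023-0800 CVE-2023-4863 CVE-2023-26115
                   CVE-2023-27536
=====================================================================

2. Description:

Security Fix(es):

* word-wrap: ReDoS (CVE-2023-26115)

Bug Fix(es):

* MTC version is not displayed correctly in the UI (BZ#2233026)

4. Bugs fixed (https://bugzilla.redhat.com/):

2216827 - CVE-2023-26115 word-wrap: ReDoS
2233097 - Indirect migration is stuck on backup
stage

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

MIG-1363 - Upgrade OADP dependency to latest version
"""

if __name__ == "__main__":
    adv = parse_advisory(SAMPLE)
    print(adv.advisory_id, adv.severity, "itemised:", adv.fixed_cves, "not itemised:", adv.unitemised_cves())
```

Feed it the full text of a signed announcement (the signature lines are skipped by the "-----" check) and diff `unitemised_cves()` against your own component inventory: a CVE that appears only in the header tells you the fix is in a layer you may also consume elsewhere.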
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update
Advisory ID:       RHSA-2023:4892-01
Product:           Red Hat Migration Toolkit
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4892
Issue date:        2023-08-31
CVE Names:         CVE-2020-24736 CVE-2022-48281 CVE-2023-1667
                   CVE-2023-2283 CVE-2023-2828 CVE-2023-24532
                   CVE-2023-26604 CVE-2023-34969 CVE-2023-38408
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.7.12 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes
resources, persistent volume data, and internal container images between
OpenShift Container Platform clusters, using the MTC web console or the
Kubernetes API.

Security Fix(es):

* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce
incorrect results (CVE-2023-24532)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2223355 - CVE-2023-24532 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-48281
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2828
https://access.redhat.com/security/cve/CVE-2023-24532
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/cve/CVE-2023-38408
https://access.redhat.com/security/updates/classification#moderate

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk8DbfAAoJENzjgjWX9erEafwQAIad3d6WLV4ATCb6RtrQAR+r
LReHu6j1p7HRVxTWumdxr33dIW5VekHgkU57uyLfoBK2A+hNjq1sAe2xTF0oyDcr
TkbHdTlkDgeGvwrfevzVH0/JZDnTCx5Iato0/dltH5P2eTANv/wn5Fah2zv//466
ckPxDYyEIn5ITyiyksS62RwPnGkRrvr5T7XLha+WNEE5FCSmFVApcYOUL5bOm94r
LJ5USJx+MBMLUiIEEIj+nV5MxGkMRYLC5pHoLm3zS138zqpsqh0GtWJB2wk7ql0t
tyOfhqrEbfYvVj03gB1arNl4nQmWri7t9l88j+6hGOKGIG7yERdpI0wPwpr4qzuj
xG0ZoXYSyZZwNWCMblVx9WMhqwveoaGVaR58dmayihSDahndo15b12WQ59m9BWna
m/XjwZZFbwI3cCsw4J/m3fSjtQIF0Hm3hW7aXwMPSryQxbPQ4aIIkhokEMXFr8Uu
XsqawiyV0NONznzW8qipZXpMibZPtv9PL8JIeOxH+t5zegp2eMLa39q+Jb+ueNOk
wCyBiGHufjsFBVd2ytz/EIfWNoXZsm8jRyooniAwA7G6hF1oyGt/WpWBHtWx/Ek+
IalYcoFTCp6ko5oJh8kVSyTQLsGN7yh4QwX042xscEWbH35lgMHFLsDUTP/bkpIk
Ly7rO5T25XiloIul7FBb
=KCSk
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Applications security and bug fix update
Advisory ID:       RHSA-2023:4627-01
Product:           Migration Toolkit for Applications
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4627
Issue date:        2023-08-14
CVE Names:         CVE-2020-24736 CVE-2021-46877 CVE-2022-4492
                   CVE-2022-41721 CVE-2022-41723 CVE-2022-41724
                   CVE-2022-41725 CVE-2022-41854 CVE-2022-41881
                   CVE-2023-1667 CVE-2023-2283 CVE-2023-2798
                   CVE-2023-2828 CVE-2023-22899 CVE-2023-24329
                   CVE-2023-24532 CVE-2023-24534 CVE-2023-24536
                   CVE-2023-24537 CVE-2023-24538 CVE-2023-24539
                   CVE-2023-24540 CVE-2023-26125 CVE-2023-26604
                   CVE-2023-29400 CVE-2023-34104
=====================================================================

1. Summary:

Migration Toolkit for Applications 6.2.0 release

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Applications 6.2.0 Images

Security Fix(es):

* golang: html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)

* jackson-databind: Possible DoS if using JDK serialization to serialize
JsonNode (CVE-2021-46877)

* undertow: Server identity in https connection is not checked by the
undertow client (CVE-2022-4492)

* x/net/http2/h2c: request smuggling (CVE-2022-41721)

* net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK
decoding (CVE-2022-41723)

* golang: crypto/tls: large handshake records may cause panics
(CVE-2022-41724)

* golang: net/http, mime/multipart: denial of service from excessive
resource consumption (CVE-2022-41725)

* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)

* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

* htmlUnit: Stack overflow crash causes Denial of Service (DoS)
(CVE-2023-2798)

* zip4j: does not always check the MAC when decrypting a ZIP archive
(CVE-2023-22899)

* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce
incorrect results (CVE-2023-24532)

* golang: net/http, net/textproto: denial of service from excessive memory
allocation (CVE-2023-24534)

* golang: net/http, net/textproto, mime/multipart: denial of service from
excessive resource consumption (CVE-2023-24536)

* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

* golang: html/template: backticks not treated as string delimiters
(CVE-2023-24538)

* golang: html/template: improper sanitization of CSS values
(CVE-2023-24539)

* golang-github-gin-gonic-gin: Improper Input Validation (CVE-2023-26125)

* golang: html/template: improper handling of empty HTML attributes
(CVE-2023-29400)

* fast-xml-parser: Regex Injection via Doctype Entities (CVE-2023-34104)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow
2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
2162182 - CVE-2022-41721 x/net/http2/h2c: request smuggling
2178358 - CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics
2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing
2185278 - CVE-2023-22899 zip4j: does not always check the MAC when decrypting a ZIP archive
2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
2196026 - CVE-2023-24539 golang: html/template: improper sanitization of CSS values
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2196029 - CVE-2023-29400 golang: html/template: improper handling of empty HTML attributes
2203769 - CVE-2023-26125 golang-github-gin-gonic-gin: Improper Input Validation
2210366 - CVE-2023-2798 htmlUnit: Stack overflow crash causes Denial of Service (DoS)
2221261 - CVE-2023-34104 fast-xml-parser: Regex Injection via Doctype Entities
2223355 - CVE-2023-24532 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

MTA-1015 - Credentials filtering is missing 'Created by' filter
MTA-1041 - Application inventory page crashes when deleting an application and the right panel is open
MTA-194 - [RFE] Present data in a more readable format
MTA-24 - [API][Application] ApiApplication returned from post method is missing the identities name
MTA-27 - [API][Credentials] It is possible to create more than one credential with the same name
MTA-464 - [Custom rules] Analysis wizard gets stuck on custom rules page on moving "Back" from Repository tab.
MTA-465 - Tags & Reports tabs for the application keep loading while analysis in progress.
MTA-468 - Incorrect description for Azure target.
MTA-469 - Typo under Reports -> Current Landscape UI
MTA-470 - [UI] Clear Repository button is taking a few seconds to re-enable every time we switch to a different tab or perspective.
MTA-472 - [Reports][RFE] "MIGRATION TOOLKIT FOR APPLICATIONS" can be renamed to "Migration Toolkit for Applications"
MTA-474 - Validation issue with "Password" field when creating a new Credential
MTA-476 - Tooltip text for the disabled "Delete" button under "Tags" is incorrect
MTA-477 - Applications imported even after showing Rejected in "Manage Imports" page.
MTA-478 - Application Inventory page doesn't get updated after the "Import"
MTA-479 - Category Color missing when Tag Category is created at the time of import
MTA-480 - Unable to import application with multiple tags under a single tag category.
MTA-481 - [RFE] Deleting a Job function associated with Stakeholder
MTA-483 - EAP6 still present as a target in downstream MTA builds 6.1.0
MTA-484 - Enforce URL validation for git repo while creating custom target
MTA-485 - [UI] Filter category by name list is too long
MTA-500 - Missing space in OpenLiberty target description
MTA-582 - [API] Job function crud and stakeholder group crud fails
MTA-590 - Identified risk table shows error when there are no data
MTA-643 - [Upstream] Success alerts are broken
MTA-647 - [Upstream] Remove Asterisk for member(s) while creating a stakeholder group
MTA-651 - Application owner is sent if it's added then manually deleted
MTA-658 - [Upstream] Helper messages are displayed on blur
MTA-659 - [Upstream] Source repository field accepts only git URLs.
MTA-674 - [RFE][API] Return reference "name" field from POST method
MTA-678 - Operator failing smoke tests (6.2.0 / release-0.2)
MTA-680 - [Upstream] [Typo] Migration waves wizard stakeholders groups' field should be in plural
MTA-681 - [Upstream][RFE] Add a tooltip for delete button disabled only when selected application(s) are in a migration wave
MTA-682 - [Upstream][Custom Metrics] Initiated assessments total count isn't working correctly
MTA-695 - Running a second migration wave export with additional apps errors out
MTA-698 - [Upstream] Replace Jira Server/Datacenter options with a single option
MTA-699 - [Upstream] Not able to connect to Red Hat JIRA account
MTA-706 - [Upstream] [Migration Waves] Date fields can't be entered manually
MTA-717 - [Credentials] Save button remains disabled while editing credentials of Jira type
MTA-739 - Add a tool tip to explain what insecure communication with a Jira instance is
MTA-741 - [Migration Waves] start date value is not updated correctly
MTA-747 - Job function can't be removed
MTA-750 - Applications cannot be selected in the Assessment tab of the Application Inventory
MTA-753 - Some success notifications include two spaces
MTA-761 - eap targets listed as konveyor.io/target=eapx on Analysis dialog
MTA-764 - [UI] Incorrect tooltip when removing credentials
MTA-765 - [UI] Incorrect tooltip when removing credentials
MTA-766 - [UI] Incorrect labels in Jira connections table
MTA-772 - [Upstream] Credentials of type 'Bearer' not listed in Jira instance creation dialog
MTA-773 - Render analysis details as YAML for better readability.
MTA-778 - Clicking 'Show password' icon for Jira Bearer token key doesn't show the key.
MTA-802 - [Regression] Tag list under Tag Category doesn't get updated after new tag creation
MTA-807 - [Custom metrics] The METRICS_ENABLED environment variable is overridden by its default value
MTA-808 - [UI] Credentials field is empty when editing existing Jira connection instance
MTA-809 - [Custom metrics] Exported issues which move from "Error" to "New" state are counted twice
MTA-81 - CVE-2022-41881 io.netty-netty-parent:codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [mta-6]
MTA-811 - Failed to delete an application that is associated with a ticket on the issues manager
MTA-814 - [Typo] Application creation notification text starts with lowercase
MTA-815 - [UI] Incorrect Jira instance type name is shown in Jira connection table
MTA-826 - [Tags] Color filter isn't working correctly
MTA-83 - CVE-2022-41881 org.jboss.windup.rules-windup-rulesets-parent: codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [mta-6]
MTA-84 - CVE-2022-41854 dev-java-snakeyaml: dev-java/snakeyaml: DoS via stack overflow [mta-6]
MTA-845 - CSV Reports cannot be downloaded
MTA-863 - [UI] Jira credentials have different names in creation wizard and filtering
MTA-870 - A Migration Wave cannot be exported as a SubTask - using both Jira Datacenter and Cloud
MTA-872 - After an error, trying to export the same applications as tasks fails with an error showing sub-tasks.
MTA-873 - Exporting migration wave as an Epic does not export it to Jira - using Jira Server/Datacenter
MTA-877 - In migration waves, when exporting a migration wave to Jira and moving the ticket to Done, the status changes to "Not Started"
MTA-881 - Stakeholder: Assertion is missing "No stakeholders available"
MTA-89 - CVE-2022-41881 org.jboss.windup-windup-parent: codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [mta-6]
MTA-894 - [Custom metrics] Failed analysis is counted twice
MTA-895 - [UI] Sometimes Jira table doesn't look consistent with other tables
MTA-898 - [UI] Incorrect tooltip when the bulk deletion button is disabled on application inventory page
MTA-906 - Migration Waves: The Name field doesn't have the "too short" validation
MTA-908 - [UI] Incorrect sorting by URL for Jira instances
MTA-909 - Tags: Tag Category field is missing helper message "This field is required."
MTA-91 - CVE-2022-41881 org.jboss.windup.plugin-windup-maven-plugin-parent: codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS [mta-6]
MTA-912 - In migration waves, after applying wrong dates, correcting the dates does not remove the error message
MTA-916 - Application Inventory: Sorting applications on tag count is broken
MTA-923 - In migration waves, when creating two migration waves with the same name and the same dates, trying to create the second one pops an error "Failed to create migration wave."
MTA-93 - CVE-2022-4492 org.keycloak-keycloak-parent: undertow: Server identity in https connection is not checked by the undertow client [mta-6]
MTA-937 - In migration waves, selecting one migration wave using its individual check box automatically selects all applications with the same name
MTA-943 - [UI] Incorrect sorting in reports
MTA-973 - Jira Configuration: Success alert is missing while creating any new Jira instance
MTA-974 - Success notification text starts with lowercase
MTA-984 - Dependencies: Unable to connect; there is an error retrieving data
MTA-985 - [Custom rules in analysis] Enforce URL validation for git repo

6. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2021-46877
https://access.redhat.com/security/cve/CVE-2022-4492
https://access.redhat.com/security/cve/CVE-2022-41721
https://access.redhat.com/security/cve/CVE-2022-41723
https://access.redhat.com/security/cve/CVE-2022-41724
https://access.redhat.com/security/cve/CVE-2022-41725
https://access.redhat.com/security/cve/CVE-2022-41854
https://access.redhat.com/security/cve/CVE-2022-41881
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2798
https://access.redhat.com/security/cve/CVE-2023-2828
https://access.redhat.com/security/cve/CVE-2023-22899
https://access.redhat.com/security/cve/CVE-2023-24329
https://access.redhat.com/security/cve/CVE-2023-24532
https://access.redhat.com/security/cve/CVE-2023-24534
https://access.redhat.com/security/cve/CVE-2023-24536
https://access.redhat.com/security/cve/CVE-2023-24537
https://access.redhat.com/security/cve/CVE-2023-24538
https://access.redhat.com/security/cve/CVE-2023-24539
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/cve/CVE-2023-26125
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-29400
https://access.redhat.com/security/cve/CVE-2023-34104
https://access.redhat.com/security/updates/classification#important

7. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJk2Y9pAAoJENzjgjWX9erEhloP+wVFIYOtxx6UGUCxSjGbX4qz
655durO1rCnxksr0gaVGu4/sXDXQ/5Ez8M3qX2hqiM6PF2viv5iNarNHsv39g8Lq
3zIFMCvu633vO0USRzb1L9sacNJMm+2r5ENGsuthDBVJMMDVm+7mFz83k8uJXAQt
A+FAG5V0ZdIKBbNyhOzyuB2HBWDfVwOjRKDPdWyB9Jj/81w0dFjNy7hhVkziWhQi
5KA2A17fnRPgNDfUbK3QwRCKLZft9otY70ajBCrV2OxNnkuNjgNWjM2MLyFQcmFx
rVU4zCEHhOV+XV3samGnHd/tVlaTpiYi7SMQz0WmHnzuiJFGOc8e8sMMY1baNPS7
8e/XPpvxBqL6xA3b94P9IHH3mT2kyzjxon443EIVbLXj9MpHuJzUnum6EDB+CiuN
eAYE4Gp6v8gEID9+qAiBPDPY8YN3xrnBqTRpG8PFPusgzpFf58mvRAgfe2LCnxrk
DeL/+vv+qQMdd/2Y4ZSUb/VYW0GaShUwuJpQJGav20Lpq9vPZ02NpzqzaRgYoMey
ei2SWA2hLn/Rv91QU8aE2ZtVZauqAoC+tOFU/5z574GUDWfvL6ciKimiG24B77Yh
eQHG2R5dAF3LpiTL8bI3Jbv2nH1tKnPRf4vr76VoOtTkh6oCJ7jxkyJs7BdaVBXa
dtHt/tOKxsM3gxE4JPHw
=wiIB
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Containers (MTC) 1.7.10 security and bug fix update
Advisory ID:       RHSA-2023:3624-01
Product:           Red Hat Migration Toolkit
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3624
Issue date:        2023-06-15
CVE Names:         CVE-2021-46848 CVE-2022-1304 CVE-2022-2795
                   CVE-2022-2880 CVE-2022-3627 CVE-2022-3970
                   CVE-2022-4304 CVE-2022-4450 CVE-2022-25147
                   CVE-2022-35737 CVE-2022-36227 CVE-2022-41715
                   CVE-2022-41717 CVE-2022-42898 CVE-2022-47629
                   CVE-2023-0215 CVE-2023-0286 CVE-2023-0361
                   CVE-2023-1999 CVE-2023-2491 CVE-2023-22490
                   CVE-2023-23946 CVE-2023-24534 CVE-2023-24536
                   CVE-2023-24537 CVE-2023-24538 CVE-2023-24540
                   CVE-2023-25652 CVE-2023-25815 CVE-2023-27535
                   CVE-2023-29007
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.7.10 is now available.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes
resources, persistent volume data, and internal container images between
OpenShift Container Platform clusters, using the MTC web console or the
Kubernetes API.

Security Fix(es) from Bugzilla:

* golang: html/template: improper handling of JavaScript whitespace
(CVE-2023-24540)

* golang: net/http, net/textproto: denial of service from excessive memory
allocation (CVE-2023-24534)

* golang: net/http, net/textproto, mime/multipart: denial of service from
excessive resource consumption (CVE-2023-24536)

* golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

* golang: html/template: backticks not treated as string delimiters
(CVE-2023-24538)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2184481 - CVE-2023-24538 golang: html/template: backticks not treated as string delimiters
2184482 - CVE-2023-24536 golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption
2184483 - CVE-2023-24534 golang: net/http, net/textproto: denial of service from excessive memory allocation
2184484 - CVE-2023-24537 golang: go/parser: Infinite loop in parsing
2196027 - CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
2204461 - Adjust rsync options in DVM
2210565 - Direct migration completes with warnings, failing on DVM phase
2212528 - Rsync pod fails due to error in starting client-server protocol (code 5)

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-1304
https://access.redhat.com/security/cve/CVE-2022-2795
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-3627
https://access.redhat.com/security/cve/CVE-2022-3970
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-25147
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2022-41717
https://access.redhat.com/security/cve/CVE-2022-42898
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-1999
https://access.redhat.com/security/cve/CVE-2023-2491
https://access.redhat.com/security/cve/CVE-2023-22490
https://access.redhat.com/security/cve/CVE-2023-23946
https://access.redhat.com/security/cve/CVE-2023-24534
https://access.redhat.com/security/cve/CVE-2023-24536
https://access.redhat.com/security/cve/CVE-2023-24537
https://access.redhat.com/security/cve/CVE-2023-24538
https://access.redhat.com/security/cve/CVE-2023-24540
https://access.redhat.com/security/cve/CVE-2023-25652
https://access.redhat.com/security/cve/CVE-2023-25815
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-29007
https://access.redhat.com/security/updates/classification#important

6. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZIsIe9zjgjWX9erEAQgA0A//bsZOIKpOdr02qQ/OwtMcoothwy9wozWq
xCCscfKssH+gX4xBIPj6QEgD8db7eVfcbPzihANAoBkR1JcFJdQ2Xa2rVszccexn
a0cZKRPwcMYCz2s5JDmFf6uJ9En5pRyFoMo8ST5diKEP1Kal7jfZvMtUE7OxT98Z
+8SzwXrKk8G8mmxP9h2/RQRYs9WKkS3FF8x5eH+66+SvtImkTfbKBWRE7+lgxeLf
WxXeUvFaItWHyzJDG8fzyh8vaHrelCrNdUuz1rOtXXO8lMc4A2FeW9mFVqVf9YSe
qxZtLv9jKb9KGtne4/LKnNGxeGg92+BCFQhgTZ6Po3ORCXpNCv+Yv79a1pXwAKZy
ENybQonccBf2TXA5HFEfvHot4vovzEIak6Cy3WVAMU7y5tzxdyPlU33qzTL38Ihx
Eb0gbaVUE8lyXsWDj/1PugYGvMQ9PjNk2SrHGsIuFLi+34tvYVRHGcJZ9SfeTngR
j38TfxS9WDd+wLO/ZDIPRhVuLiAkqqV2urrvpqc177t00vrBHnB4TnKSVCK93xyJ
VPJMVCoGiTx1JNMd0nTrLErMPe/OWzqpA/PZEcCmzzsHenck1tSgYlxZiwfFIlXU
gEIMQ8A/A9UP4OoVG+ob2tyB/dgg/CicZKQoD/KJ6J2aRXqpFT2kSqhGQ37pplOe
ROr4a9CDa68=
=J4k1
-----END PGP SIGNATURE-----
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Runtimes security update
Advisory ID:       RHSA-2023:3373-02
Product:           Migration Toolkit for Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3373
Issue date:        2023-05-31
Updated on:        2023-06-02
CVE Names:         CVE-2021-46877 CVE-2022-36227 CVE-2022-41854
                   CVE-2022-41881 CVE-2023-0361 CVE-2023-21930
                   CVE-2023-21937 CVE-2023-21938 CVE-2023-21939
                   CVE-2023-21954 CVE-2023-21967 CVE-2023-21968
                   CVE-2023-27535 CVE-2023-28617
=====================================================================

1. Summary:

An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Runtimes 1.1.0 Images

Security Fix(es):

* jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode (CVE-2021-46877)
* dev-java/snakeyaml: DoS via stack overflow (CVE-2022-41854)
* codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS (CVE-2022-41881)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2151988 - CVE-2022-41854 dev-java/snakeyaml: DoS via stack overflow
2153379 - CVE-2022-41881 codec-haproxy: HAProxyMessageDecoder Stack Exhaustion DoS
2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode

5. References:

https://access.redhat.com/security/cve/CVE-2021-46877
https://access.redhat.com/security/cve/CVE-2022-36227
https://access.redhat.com/security/cve/CVE-2022-41854
https://access.redhat.com/security/cve/CVE-2022-41881
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-21930
https://access.redhat.com/security/cve/CVE-2023-21937
https://access.redhat.com/security/cve/CVE-2023-21938
https://access.redhat.com/security/cve/CVE-2023-21939
https://access.redhat.com/security/cve/CVE-2023-21954
https://access.redhat.com/security/cve/CVE-2023-21967
https://access.redhat.com/security/cve/CVE-2023-21968
https://access.redhat.com/security/cve/CVE-2023-27535
https://access.redhat.com/security/cve/CVE-2023-28617
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Applications security and bug fix update
Advisory ID:       RHSA-2023:2041-01
Product:           MTA
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2041
Issue date:        2023-04-27
CVE Names:         CVE-2021-4235 CVE-2022-1705 CVE-2022-2879
                   CVE-2022-2880 CVE-2022-2995 CVE-2022-3162
                   CVE-2022-3172 CVE-2022-3259 CVE-2022-3466
                   CVE-2022-3782 CVE-2022-4304 CVE-2022-4450
                   CVE-2022-27664 CVE-2022-30631 CVE-2022-31690
                   CVE-2022-32148 CVE-2022-32189 CVE-2022-32190
                   CVE-2022-41715 CVE-2022-41966 CVE-2022-46364
                   CVE-2023-0215 CVE-2023-0286 CVE-2023-0361
                   CVE-2023-0767 CVE-2023-23916
=====================================================================

1. Summary:

Migration Toolkit for Applications 6.1.0 release

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Applications 6.1.0 Images

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow

5. JIRA issues fixed (https://redhat.atlassian.net/jira/projects):

MTA-118 - Automated tagging of resources with Windup
MTA-123 - MTA crashes cluster nodes when running bulk binary analysis due to requests and limits not being configurable
MTA-129 - User field in Manage Import is empty
MTA-160 - [Upstream] Maven Repositories "No QueryClient set, use QueryClientProvider to set one"
MTA-204 - Every http request made to tagtypes returns HTTP Status 404
MTA-256 - Update application import template
MTA-260 - [Regression] Application import through OOTB import template fails
MTA-261 - [Regression] UI incorrectly reports target applications have in-progress/complete assessment
MTA-263 - [Regression] Discard assessment option present even when assessment is not complete
MTA-267 - Analysis EAP targets should include eap8
MTA-268 - RFE: Automated Tagging details to add on Review analysis details page
MTA-279 - All types of Source analysis is failing in MTA 6.1.0
MTA-28 - Success Alert is not displayed when subsequent analysis are submitted
MTA-282 - Discarding review results in 404 error
MTA-283 - Sorting broken on Application inventory page
MTA-284 - HTML reports download with no files in reports and stats folders
MTA-29 - Asterisk on Description while creating a credentials should be removed
MTA-297 - [Custom migration targets] Cannot upload JPG file as an icon
MTA-298 - [Custom migration targets] Unclear error when uploading image greater than 1Mb of size
MTA-299 - [RFE][Custom migration targets] Assign an icon: Add image max size in the note under the image name
MTA-300 - [Custom rules] Cannot upload more than one rules file
MTA-303 - [UI][Custom migration targets] The word "Please" should be removed from the error message about existing custom target name
MTA-304 - [Custom rules] Failed analysis when retrieving custom rules files from a repository
MTA-306 - MTA allows the uploading of multiple binaries for analysis
MTA-311 - MTA operator fails to reconcile on a clean (non-upgrade) install
MTA-314 - PVCs may not provision if storageClassName is not set.
MTA-330 - With auth disabled, 'username' seen in the persona dropdown
MTA-332 - Tagging: Few Tags are highlighted with color
MTA-34 - Cannot filter by Business Service when copying assessments
MTA-345 - [Custom migration targets] Error message "imageID must be defined" is displayed when uploading image
MTA-35 - Only the first notification is displayed when discarding multiple copied assessments
MTA-350 - Maven Central links from the dependencies tab in reports seem to be broken
MTA-351 - AspectJ is not identified as an Open Source Library
MTA-356 - The inventory view has to be refreshed for the tags that were assigned by an analysis to appear
MTA-363 - [UI][Custom migration targets] "Repository type" field name is missing
MTA-364 - [Custom migration targets] Unknown image file when editing a custom migration target
MTA-366 - Tagging: For no tags attached "filter by" can be improved
MTA-367 - [Custom migration targets] Cannot use a custom migration target in analysis
MTA-369 - Custom migration targets: HTML elements are duplicated
MTA-375 - Run button does not execute the analysis
MTA-377 - [UI][Custom rules] Custom rules screen of the analysis configuration wizard is always marked as required
MTA-378 - [UI][Custom rules] Info message on the Custom rules screen is not updated
MTA-38 - Only the first notification is displayed when multiple files are imported.
MTA-381 - Custom Rules: When try to update Add rules the Error alert is displayed
MTA-382 - Custom Rules: Sometimes able to upload duplicate rules files
MTA-388 - CSV reports download empty when enabling the option after an analysis
MTA-389 - [Custom rules in Analysis] Failed analysis when retrieving custom rules files from a private repository
MTA-391 - [Custom rules in Analysis] Targets from uploaded rules file are not removed once the file is removed
MTA-392 - Unable to see all custom migration targets when using a vertical monitor
MTA-41 - [UI] Failed to refresh token if Keycloak feature "Use Refresh Tokens" is off
MTA-412 - Display alert message before reviewing an already reviewed application
MTA-428 - [Custom Rules] MTA analysis custom rules conflict message
MTA-430 - Analysis wizard: Next button should be enabled only after at least one target is selected
MTA-438 - Tagging: Retrieving tags needs a loading indicator
MTA-439 - [Regression][Custom rules] Failed to run analysis with custom rules from a repository
MTA-443 - Custom rules: Add button can be disabled until duplicate rule file is removed
MTA-50 - RFE: Replace the MTA acronym in the title with "Migration Toolkit for Applications"
MTA-51 - RFE: " Select the list of packages to be analyzed manually" to modify the title
MTA-52 - [RFE] We can change "Not associated artifact" to "No associated artifact"
MTA-55 - Can't choose a custom rule via a file explorer (mac OS finder) in Tackle 2.0
MTA-78 - CVE-2022-46364 org.keycloak-keycloak-parent: Apache CXF: SSRF Vulnerability [mta-6.0]
MTA-99 - Unable to use root path during checking for maven dependencies

6. References:

https://access.redhat.com/security/cve/CVE-2021-4235
https://access.redhat.com/security/cve/CVE-2022-1705
https://access.redhat.com/security/cve/CVE-2022-2879
https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-2995
https://access.redhat.com/security/cve/CVE-2022-3162
https://access.redhat.com/security/cve/CVE-2022-3172
https://access.redhat.com/security/cve/CVE-2022-3259
https://access.redhat.com/security/cve/CVE-2022-3466
https://access.redhat.com/security/cve/CVE-2022-3782
https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-30631
https://access.redhat.com/security/cve/CVE-2022-31690
https://access.redhat.com/security/cve/CVE-2022-32148
https://access.redhat.com/security/cve/CVE-2022-32189
https://access.redhat.com/security/cve/CVE-2022-32190
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/cve/CVE-2022-41966
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-0767
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/updates/classification#important

7. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Runtimes security bug fix and enhancement update
Advisory ID:       RHSA-2023:1286-01
Product:           Migration Toolkit for Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1286
Issue date:        2023-03-16
CVE Names:         CVE-2021-46848 CVE-2022-2056 CVE-2022-2057
                   CVE-2022-2058 CVE-2022-2519 CVE-2022-2520
                   CVE-2022-2521 CVE-2022-2867 CVE-2022-2868
                   CVE-2022-2869 CVE-2022-2953 CVE-2022-4415
                   CVE-2022-31690 CVE-2022-35737 CVE-2022-40303
                   CVE-2022-40304 CVE-2022-41966 CVE-2022-42010
                   CVE-2022-42011 CVE-2022-42012 CVE-2022-43680
                   CVE-2022-46364 CVE-2022-47629 CVE-2023-21835
                   CVE-2023-21843
=====================================================================

1. Summary:

Migration Toolkit for Runtimes 1.0.2 release

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Runtimes 1.0.2 Images

Security Fix(es):

* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client
2170431 - CVE-2022-41966 xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow

5. References:

https://access.redhat.com/security/cve/CVE-2021-46848
https://access.redhat.com/security/cve/CVE-2022-2056
https://access.redhat.com/security/cve/CVE-2022-2057
https://access.redhat.com/security/cve/CVE-2022-2058
https://access.redhat.com/security/cve/CVE-2022-2519
https://access.redhat.com/security/cve/CVE-2022-2520
https://access.redhat.com/security/cve/CVE-2022-2521
https://access.redhat.com/security/cve/CVE-2022-2867
https://access.redhat.com/security/cve/CVE-2022-2868
https://access.redhat.com/security/cve/CVE-2022-2869
https://access.redhat.com/security/cve/CVE-2022-2953
https://access.redhat.com/security/cve/CVE-2022-4415
https://access.redhat.com/security/cve/CVE-2022-31690
https://access.redhat.com/security/cve/CVE-2022-35737
https://access.redhat.com/security/cve/CVE-2022-40303
https://access.redhat.com/security/cve/CVE-2022-40304
https://access.redhat.com/security/cve/CVE-2022-41966
https://access.redhat.com/security/cve/CVE-2022-42010
https://access.redhat.com/security/cve/CVE-2022-42011
https://access.redhat.com/security/cve/CVE-2022-42012
https://access.redhat.com/security/cve/CVE-2022-43680
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/cve/CVE-2022-47629
https://access.redhat.com/security/cve/CVE-2023-21835
https://access.redhat.com/security/cve/CVE-2023-21843
https://access.redhat.com/security/updates/classification/#important

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Runtimes security bug fix and enhancement update
Advisory ID:       RHSA-2023:1285-01
Product:           Migration Toolkit for Runtimes
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1285
Issue date:        2023-03-16
CVE Names:         CVE-2022-3782 CVE-2022-31690 CVE-2022-46364
=====================================================================

1. Summary:

Migration Toolkit for Runtimes 1.0.2 release

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Migration Toolkit for Runtimes 1.0.2 ZIP artifacts

Security Fix(es):

* keycloak: path traversal via double URL encoding (CVE-2022-3782)
* spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)
* Apache CXF: SSRF Vulnerability (CVE-2022-46364)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2138971 - CVE-2022-3782 keycloak: path traversal via double URL encoding
2155682 - CVE-2022-46364 Apache CXF: SSRF Vulnerability
2162200 - CVE-2022-31690 spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client

5. References:

https://access.redhat.com/security/cve/CVE-2022-3782
https://access.redhat.com/security/cve/CVE-2022-31690
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions

6. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.