exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2022-4814-01

Red Hat Security Advisory 2022-4814-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4814-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include denial of service and memory exhaustion vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-25032, CVE-2020-0404, CVE-2020-13974, CVE-2020-19131, CVE-2020-27820, CVE-2020-35492, CVE-2020-4788, CVE-2021-0941, CVE-2021-20322, CVE-2021-21781, CVE-2021-26401, CVE-2021-29154, CVE-2021-3612, CVE-2021-3634, CVE-2021-3669, CVE-2021-37159, CVE-2021-3737, CVE-2021-3743, CVE-2021-3744, CVE-2021-3752, CVE-2021-3759, CVE-2021-3764, CVE-2021-3772, CVE-2021-3773, CVE-2021-3807, CVE-2021-39293, CVE-2021-4002
SHA-256 | de3fa8ee040cf6c28c1affa37a50086f48d77a4fce95eaf6d26445098ef47a20

Red Hat Security Advisory 2022-4814-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.6.5 security and bug fix update
Advisory ID: RHSA-2022:4814-01
Product: Red Hat Migration Toolkit
Advisory URL: https://access.redhat.com/errata/RHSA-2022:4814
Issue date: 2022-05-31
CVE Names: CVE-2018-25032 CVE-2020-0404 CVE-2020-4788
CVE-2020-13974 CVE-2020-19131 CVE-2020-27820
CVE-2020-35492 CVE-2021-0941 CVE-2021-3612
CVE-2021-3634 CVE-2021-3669 CVE-2021-3737
CVE-2021-3743 CVE-2021-3744 CVE-2021-3752
CVE-2021-3759 CVE-2021-3764 CVE-2021-3772
CVE-2021-3773 CVE-2021-3807 CVE-2021-4002
CVE-2021-4037 CVE-2021-4083 CVE-2021-4157
CVE-2021-4189 CVE-2021-4197 CVE-2021-4203
CVE-2021-20322 CVE-2021-21781 CVE-2021-26401
CVE-2021-29154 CVE-2021-37159 CVE-2021-39293
CVE-2021-41617 CVE-2021-41864 CVE-2021-42739
CVE-2021-43056 CVE-2021-43389 CVE-2021-43976
CVE-2021-44733 CVE-2021-45485 CVE-2021-45486
CVE-2022-0001 CVE-2022-0002 CVE-2022-0286
CVE-2022-0322 CVE-2022-1011 CVE-2022-1154
CVE-2022-1271
====================================================================
1. Summary:

The Migration Toolkit for Containers (MTC) 1.6.5 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.

Security Fix(es):

* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching
ANSI escape codes (CVE-2021-3807)

* golang: archive/zip: malformed archive may cause panic or memory
exhaustion (incomplete fix of CVE-2021-33196) (CVE-2021-39293)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to install and use MTC, refer to:

https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2006044 - CVE-2021-39293 golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)
2007557 - CVE-2021-3807 nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
2057579 - [MTC UI] Cancel button on ?Migrations? page does not disappear when migration gets Failed/Succeeded with warnings
2072311 - HPAs of DeploymentConfigs are not being updated when migration from Openshift 3.x to Openshift 4.x
2074044 - [MTC] Rsync pods are not running as privileged
2074553 - Upstream Hook Runner image requires arguments be in a different order

5. References:

https://access.redhat.com/security/cve/CVE-2018-25032
https://access.redhat.com/security/cve/CVE-2020-0404
https://access.redhat.com/security/cve/CVE-2020-4788
https://access.redhat.com/security/cve/CVE-2020-13974
https://access.redhat.com/security/cve/CVE-2020-19131
https://access.redhat.com/security/cve/CVE-2020-27820
https://access.redhat.com/security/cve/CVE-2020-35492
https://access.redhat.com/security/cve/CVE-2021-0941
https://access.redhat.com/security/cve/CVE-2021-3612
https://access.redhat.com/security/cve/CVE-2021-3634
https://access.redhat.com/security/cve/CVE-2021-3669
https://access.redhat.com/security/cve/CVE-2021-3737
https://access.redhat.com/security/cve/CVE-2021-3743
https://access.redhat.com/security/cve/CVE-2021-3744
https://access.redhat.com/security/cve/CVE-2021-3752
https://access.redhat.com/security/cve/CVE-2021-3759
https://access.redhat.com/security/cve/CVE-2021-3764
https://access.redhat.com/security/cve/CVE-2021-3772
https://access.redhat.com/security/cve/CVE-2021-3773
https://access.redhat.com/security/cve/CVE-2021-3807
https://access.redhat.com/security/cve/CVE-2021-4002
https://access.redhat.com/security/cve/CVE-2021-4037
https://access.redhat.com/security/cve/CVE-2021-4083
https://access.redhat.com/security/cve/CVE-2021-4157
https://access.redhat.com/security/cve/CVE-2021-4189
https://access.redhat.com/security/cve/CVE-2021-4197
https://access.redhat.com/security/cve/CVE-2021-4203
https://access.redhat.com/security/cve/CVE-2021-20322
https://access.redhat.com/security/cve/CVE-2021-21781
https://access.redhat.com/security/cve/CVE-2021-26401
https://access.redhat.com/security/cve/CVE-2021-29154
https://access.redhat.com/security/cve/CVE-2021-37159
https://access.redhat.com/security/cve/CVE-2021-39293
https://access.redhat.com/security/cve/CVE-2021-41617
https://access.redhat.com/security/cve/CVE-2021-41864
https://access.redhat.com/security/cve/CVE-2021-42739
https://access.redhat.com/security/cve/CVE-2021-43056
https://access.redhat.com/security/cve/CVE-2021-43389
https://access.redhat.com/security/cve/CVE-2021-43976
https://access.redhat.com/security/cve/CVE-2021-44733
https://access.redhat.com/security/cve/CVE-2021-45485
https://access.redhat.com/security/cve/CVE-2021-45486
https://access.redhat.com/security/cve/CVE-2022-0001
https://access.redhat.com/security/cve/CVE-2022-0002
https://access.redhat.com/security/cve/CVE-2022-0286
https://access.redhat.com/security/cve/CVE-2022-0322
https://access.redhat.com/security/cve/CVE-2022-1011
https://access.redhat.com/security/cve/CVE-2022-1154
https://access.redhat.com/security/cve/CVE-2022-1271
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYpYjbtzjgjWX9erEAQhT7g//Z2L9uO6nxiL9MntYac7CrNFsZzo5nfqN
qLiF1fkpIZ09tEQWGsfd2lEzsAAtyYOhhmCxeNkNjYkFkVO9Qs/p1VAAaFMBi3DE
GuiULePVslmn2GDiujvlIPUcej9OT1oUWitZUrOIqapRCMUs7k1KK1FFMJiRp53b
iC59lyHTH8Mbjbj0OWj+KlQCIJ3ejy/gzwGp9BXl15DUOhTpBefIVFob+xb0CMY8
+i0m/beinJ5LpkzgKpyr4pvxoeKmTtJmc10pqCj1BqrxgZwVAXx4x8J1vhUGJ5MJ
i4Eej2XQVFv7Bs24CMdGFlXvMZR+FV2R6IxWpremV6DAfDYzvSRwY5A3CKJGcsNX
7n9d8X4yDIT84rmsdwBkcoD60OO0ijipRbVmSvBEbsnWLmHaYxnMme3gz3NJW9+2
z1/4aX/9tswJCBDUuh4sL3EgYX0OMxoRN/MKCNcWykmMcLBNYKXuIVnqlz4M/vxD
LbGZXlbbQZ27XvbYcLjXta0jUguzFna/OVUzM0HIHn+/WFEQqe9JX2lggiotIvb/
NtDrYOjcceVICo4QI+E32yk7Jn8Ai+mNgdepv2GwTcQy/CEA2Gy/HXSOMzolEWkJ
jhymgnci5w4pvAekigvRMgehqqIUPY+qqlL0PRJB93l5g1sm/gPAcJscZ+SEIqWQ
hx/bwWtTMqg=L0aQ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close