-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update Advisory ID: RHSA-2023:2107-01 Product: Red Hat Migration Toolkit Advisory URL: https://access.redhat.com/errata/RHSA-2023:2107 Issue date: 2023-05-04 CVE Names: CVE-2022-4304 CVE-2022-4450 CVE-2022-41724 CVE-2022-41725 CVE-2023-0215 CVE-2023-0286 CVE-2023-0361 CVE-2023-23916 CVE-2023-25173 CVE-2023-28617 ===================================================================== 1. Summary: The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: * golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724) * golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725) * containerd: Supplementary groups are not set up properly (CVE-2023-25173) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 4. Bugs fixed (https://bugzilla.redhat.com/): 2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly 2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption 2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics 5. References: https://access.redhat.com/security/cve/CVE-2022-4304 https://access.redhat.com/security/cve/CVE-2022-4450 https://access.redhat.com/security/cve/CVE-2022-41724 https://access.redhat.com/security/cve/CVE-2022-41725 https://access.redhat.com/security/cve/CVE-2023-0215 https://access.redhat.com/security/cve/CVE-2023-0286 https://access.redhat.com/security/cve/CVE-2023-0361 https://access.redhat.com/security/cve/CVE-2023-23916 https://access.redhat.com/security/cve/CVE-2023-25173 https://access.redhat.com/security/cve/CVE-2023-28617 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2023 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBZFNIXdzjgjWX9erEAQjZLg//Qss/RATn6qEdUmxr+5ca7dZB7vRc5xr2 hZOh4YEIKdQ5ka8aFz05fUIJhHmRIO0FZn8KUDWoLZNy20VcQXRgDqJAp3qaZ8e5 soWpeqcKTaEnHBGA0pa4QZP24yS/XVMiDdSvwYvSiRBXF0TDq0BLlo4t5bw5oMiv DvicfYK0OnbmNho3NotXo9URmdo3xW1b62DKFPVXnZjQeRLbvlpQrwvNDLY1itV1 r1Cz4lIEEX6atNhBU7y8yE3TTg8S1ss4BtcM6FmkbyKuPz2m9f3AFGOlplXIhVq0 zNKegjfQR0xeRLvs71rJd+rSRZ/8L326SEHS+2+zmil+Krfx0dE26FwYwBE83sk9 PEWRQLhSweQonxthKSstoThHbaKQamIOm2pdOdYjqy1LAX8hV45QFTf8Yc4UD5o8 gGLU3+xdlLlGvo4rtgY4eK0/Sn+wxF5omrBxb4hdKMRcs1fdTQKx9tkAatzAEnzS aOxtU2TLvxbp/O5kS9Ayqg1MuhL4sb3rN+RZMXEMSGu8cI97PGMNRLrtgbgoGCOI jX/K4gA3IynIbqIt5m0xP7KA5KqMB/10iVIpwsZFR7Q8VkmSHX5pWyc3Of6Y/yHf apspLbSdLGSE33VaVa5O4oxTt0U+OM1+3kwNXNSNuqL9I6uLqbTCcXYadSim+ycQ i5zGVFwZRVQ= =ODYu -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce