what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2021-3361-01

Red Hat Security Advisory 2021-3361-01
Posted Aug 31, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3361-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a memory exhaustion vulnerability.

tags | advisory, web
systems | linux, redhat
advisories | CVE-2021-20271, CVE-2021-21419, CVE-2021-21623, CVE-2021-21639, CVE-2021-21640, CVE-2021-21648, CVE-2021-22543, CVE-2021-22555, CVE-2021-22918, CVE-2021-25735, CVE-2021-25737, CVE-2021-27218, CVE-2021-3114, CVE-2021-3121, CVE-2021-33195, CVE-2021-33196, CVE-2021-33197, CVE-2021-33198, CVE-2021-34558, CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3520, CVE-2021-3537, CVE-2021-3541, CVE-2021-3609, CVE-2021-3636
SHA-256 | fa8792e889cba4980e5e69cc42c59e3108310c2072dfb34fffb0c3a8644d9099

Red Hat Security Advisory 2021-3361-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.5.1 security and bug fix update
Advisory ID: RHSA-2021:3361-01
Product: Red Hat Migration Toolkit
Advisory URL: https://access.redhat.com/errata/RHSA-2021:3361
Issue date: 2021-08-31
CVE Names: CVE-2021-3114 CVE-2021-3121 CVE-2021-3516
CVE-2021-3517 CVE-2021-3518 CVE-2021-3520
CVE-2021-3537 CVE-2021-3541 CVE-2021-3609
CVE-2021-3636 CVE-2021-20271 CVE-2021-21419
CVE-2021-21623 CVE-2021-21639 CVE-2021-21640
CVE-2021-21648 CVE-2021-22543 CVE-2021-22555
CVE-2021-22918 CVE-2021-25735 CVE-2021-25737
CVE-2021-27218 CVE-2021-33195 CVE-2021-33196
CVE-2021-33197 CVE-2021-33198 CVE-2021-34558
=====================================================================

1. Summary:

An update is now available for the Migration Toolkit for Containers (MTC)
1.5.1.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.

Security fixes:

* golang: net: lookup functions may return invalid host names
(CVE-2021-33195)
* golang: archive/zip: malformed archive may cause panic or memory
exhaustion (CVE-2021-33196)
* golang: net/http/httputil: ReverseProxy forwards connection headers if
first one is empty (CVE-2021-33197)
* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error
if passed inputs with very large exponents (CVE-2021-33198)
* golang: crypto/tls: certificate of wrong type is causing TLS client to
panic (CVE-2021-34558)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to install and use MTC, refer to:

https://docs.openshift.com/container-platform/4.8/migration-toolkit-for-con
tainers/installing-mtc.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1965503 - CVE-2021-33196 golang: archive/zip: malformed archive may cause panic or memory exhaustion
1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic
1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names
1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty
1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents
1996125 - When "None" is selected as the target storage class in the web console, the setting is ignored and the default storage class is used

5. References:

https://access.redhat.com/security/cve/CVE-2021-3114
https://access.redhat.com/security/cve/CVE-2021-3121
https://access.redhat.com/security/cve/CVE-2021-3516
https://access.redhat.com/security/cve/CVE-2021-3517
https://access.redhat.com/security/cve/CVE-2021-3518
https://access.redhat.com/security/cve/CVE-2021-3520
https://access.redhat.com/security/cve/CVE-2021-3537
https://access.redhat.com/security/cve/CVE-2021-3541
https://access.redhat.com/security/cve/CVE-2021-3609
https://access.redhat.com/security/cve/CVE-2021-3636
https://access.redhat.com/security/cve/CVE-2021-20271
https://access.redhat.com/security/cve/CVE-2021-21419
https://access.redhat.com/security/cve/CVE-2021-21623
https://access.redhat.com/security/cve/CVE-2021-21639
https://access.redhat.com/security/cve/CVE-2021-21640
https://access.redhat.com/security/cve/CVE-2021-21648
https://access.redhat.com/security/cve/CVE-2021-22543
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-22918
https://access.redhat.com/security/cve/CVE-2021-25735
https://access.redhat.com/security/cve/CVE-2021-25737
https://access.redhat.com/security/cve/CVE-2021-27218
https://access.redhat.com/security/cve/CVE-2021-33195
https://access.redhat.com/security/cve/CVE-2021-33196
https://access.redhat.com/security/cve/CVE-2021-33197
https://access.redhat.com/security/cve/CVE-2021-33198
https://access.redhat.com/security/cve/CVE-2021-34558
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYS3kjtzjgjWX9erEAQgl5Q//an23DVsAMO6BG0gVH2sjX0xVXmHfQv3N
9IcJ5qlizvL+RY9GQ2fTL2OKg5mBfNIXsN+5R2O4Km2M+Y/XlBSsfKmC219/dAB6
Jswi0bBYdX/P/XmF3Cj7g3bHpgLfQT0V/rHezfE1lfCtpDkQp6kcyp0XT3uh+EgG
TEgc1pIl+Gk0Em/qGBgx/4xysaPfm9L2CVCHiuBJRcWHagRbjUCB8f6IqQblrzcb
fz/oz0/4oO5/ezBkerkuk9PH2qEQ3EakF+TLHgsNo1aDgt3iGJxfVSTqERXpuB8I
c2FsN66UVm8ElZcft23YiKsEgTHhYoFDVQ6NX95SdvPN6U2soK7XAYHoBxCbw9b9
9Zh+fQDS7x/ZX03S8AB5ymrdSAY28e4Obe8EZTn8Jf1sED8Kk/wodEKt5t5Jh3Ae
lDae94qHq2RdlRrRreRPr1CrIRf5IoqXQCKQoei/QCIZvsslIB6F1vDEgj9JRMI4
HPzrIqzB4PQhOd45vamAC+bkAMqdTCxK48M90CQSu7Gd9EEfzAbkYa5B3LGYWeOX
NVg/gGJotQVR8KCVLDbC1zZ7TDsJ81R/p+m59JDePQl1I5y44Ti9lSmmELAmAy+l
5fAR7auEha8qJgpQUenXdvcF3DAnaBBgKMtcGJfzc7RZNtciHa3AzESIyPEL35Z3
MHQhvRoUNC4=
=Hvey
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    69 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close