exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2023-2107-01

Red Hat Security Advisory 2023-2107-01
Posted May 4, 2023
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2023-2107-01 - The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2022-41724, CVE-2022-41725, CVE-2022-4304, CVE-2022-4450, CVE-2023-0215, CVE-2023-0286, CVE-2023-0361, CVE-2023-23916, CVE-2023-25173, CVE-2023-28617
SHA-256 | 4e5916017cd2c38d0dbb46d07a4b6c5a15d545e4b934c30942abd25556065af8

Red Hat Security Advisory 2023-2107-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update
Advisory ID: RHSA-2023:2107-01
Product: Red Hat Migration Toolkit
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2107
Issue date: 2023-05-04
CVE Names: CVE-2022-4304 CVE-2022-4450 CVE-2022-41724
CVE-2022-41725 CVE-2023-0215 CVE-2023-0286
CVE-2023-0361 CVE-2023-23916 CVE-2023-25173
CVE-2023-28617
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.7.9 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.

Security Fix(es) from Bugzilla:

* golang: crypto/tls: large handshake records may cause panics
(CVE-2022-41724)

* golang: net/http, mime/multipart: denial of service from excessive
resource consumption (CVE-2022-41725)

* containerd: Supplementary groups are not set up properly (CVE-2023-25173)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2174485 - CVE-2023-25173 containerd: Supplementary groups are not set up properly
2178488 - CVE-2022-41725 golang: net/http, mime/multipart: denial of service from excessive resource consumption
2178492 - CVE-2022-41724 golang: crypto/tls: large handshake records may cause panics

5. References:

https://access.redhat.com/security/cve/CVE-2022-4304
https://access.redhat.com/security/cve/CVE-2022-4450
https://access.redhat.com/security/cve/CVE-2022-41724
https://access.redhat.com/security/cve/CVE-2022-41725
https://access.redhat.com/security/cve/CVE-2023-0215
https://access.redhat.com/security/cve/CVE-2023-0286
https://access.redhat.com/security/cve/CVE-2023-0361
https://access.redhat.com/security/cve/CVE-2023-23916
https://access.redhat.com/security/cve/CVE-2023-25173
https://access.redhat.com/security/cve/CVE-2023-28617
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFNIXdzjgjWX9erEAQjZLg//Qss/RATn6qEdUmxr+5ca7dZB7vRc5xr2
hZOh4YEIKdQ5ka8aFz05fUIJhHmRIO0FZn8KUDWoLZNy20VcQXRgDqJAp3qaZ8e5
soWpeqcKTaEnHBGA0pa4QZP24yS/XVMiDdSvwYvSiRBXF0TDq0BLlo4t5bw5oMiv
DvicfYK0OnbmNho3NotXo9URmdo3xW1b62DKFPVXnZjQeRLbvlpQrwvNDLY1itV1
r1Cz4lIEEX6atNhBU7y8yE3TTg8S1ss4BtcM6FmkbyKuPz2m9f3AFGOlplXIhVq0
zNKegjfQR0xeRLvs71rJd+rSRZ/8L326SEHS+2+zmil+Krfx0dE26FwYwBE83sk9
PEWRQLhSweQonxthKSstoThHbaKQamIOm2pdOdYjqy1LAX8hV45QFTf8Yc4UD5o8
gGLU3+xdlLlGvo4rtgY4eK0/Sn+wxF5omrBxb4hdKMRcs1fdTQKx9tkAatzAEnzS
aOxtU2TLvxbp/O5kS9Ayqg1MuhL4sb3rN+RZMXEMSGu8cI97PGMNRLrtgbgoGCOI
jX/K4gA3IynIbqIt5m0xP7KA5KqMB/10iVIpwsZFR7Q8VkmSHX5pWyc3Of6Y/yHf
apspLbSdLGSE33VaVa5O4oxTt0U+OM1+3kwNXNSNuqL9I6uLqbTCcXYadSim+ycQ
i5zGVFwZRVQ=
=ODYu
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close