===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2022.1677
Migration Toolkit for Containers (MTC) 1.5.4 security update
20 April 2022
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Migration Toolkit for Containers (MTC) 1.5.4
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-25315 CVE-2022-25236 CVE-2022-25235
                   CVE-2022-24407 CVE-2022-23852 CVE-2022-23308
                   CVE-2022-23219 CVE-2022-23218 CVE-2022-22942
                   CVE-2022-22827 CVE-2022-22826 CVE-2022-22825
                   CVE-2022-22824 CVE-2022-22823 CVE-2022-22822
                   CVE-2022-22817 CVE-2022-22816 CVE-2022-0847
                   CVE-2022-0778 CVE-2022-0532 CVE-2022-0516
                   CVE-2022-0492 CVE-2022-0435 CVE-2022-0413
                   CVE-2022-0392 CVE-2022-0361 CVE-2022-0359
                   CVE-2022-0330 CVE-2022-0318 CVE-2022-0261
                   CVE-2021-46143 CVE-2021-45960 CVE-2021-44717
                   CVE-2021-44716 CVE-2021-42574 CVE-2021-41190
                   CVE-2021-36221 CVE-2021-36087 CVE-2021-36086
                   CVE-2021-36085 CVE-2021-36084 CVE-2021-33560
                   CVE-2021-31566 CVE-2021-28153 CVE-2021-23177
                   CVE-2021-22925 CVE-2021-22898 CVE-2021-22876
                   CVE-2021-21684 CVE-2021-20232 CVE-2021-20231
                   CVE-2021-4154 CVE-2021-4122 CVE-2021-3999
                   CVE-2021-3800 CVE-2021-3580 CVE-2021-3572
                   CVE-2021-3521 CVE-2021-3445 CVE-2021-3426
                   CVE-2021-3200 CVE-2021-0920 CVE-2020-25710
                   CVE-2020-25709 CVE-2020-24370 CVE-2020-16135
                   CVE-2020-14155 CVE-2020-13435 CVE-2020-12762
                   CVE-2019-20838 CVE-2019-19603 CVE-2019-18218
                   CVE-2019-17595 CVE-2019-17594 CVE-2019-13751
                   CVE-2019-13750 CVE-2019-5827 CVE-2014-3577

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2022:1396

Comment: CVSS (Max):  9.8 CVE-2022-25315 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:      Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update
Advisory ID:   RHSA-2022:1396-01
Product:       Red Hat Migration Toolkit
Advisory URL:  https://access.redhat.com/errata/RHSA-2022:1396
Issue date:    2022-04-19
CVE Names:     CVE-2014-3577 CVE-2019-5827 CVE-2019-13750
               CVE-2019-13751 CVE-2019-17594 CVE-2019-17595
               CVE-2019-18218 CVE-2019-19603 CVE-2019-20838
               CVE-2020-12762 CVE-2020-13435 CVE-2020-14155
               CVE-2020-16135 CVE-2020-24370 CVE-2020-25709
               CVE-2020-25710 CVE-2021-0920 CVE-2021-3200
               CVE-2021-3426 CVE-2021-3445 CVE-2021-3521
               CVE-2021-3572 CVE-2021-3580 CVE-2021-3800
               CVE-2021-3999 CVE-2021-4122 CVE-2021-4154
               CVE-2021-20231 CVE-2021-20232 CVE-2021-21684
               CVE-2021-22876 CVE-2021-22898 CVE-2021-22925
               CVE-2021-23177 CVE-2021-28153 CVE-2021-31566
               CVE-2021-33560 CVE-2021-36084 CVE-2021-36085
               CVE-2021-36086 CVE-2021-36087 CVE-2021-36221
               CVE-2021-41190 CVE-2021-42574 CVE-2021-44716
               CVE-2021-44717 CVE-2021-45960 CVE-2021-46143
               CVE-2022-0261 CVE-2022-0318 CVE-2022-0330
               CVE-2022-0359 CVE-2022-0361 CVE-2022-0392
               CVE-2022-0413 CVE-2022-0435 CVE-2022-0492
               CVE-2022-0516 CVE-2022-0532 CVE-2022-0778
               CVE-2022-0847 CVE-2022-22816 CVE-2022-22817
               CVE-2022-22822 CVE-2022-22823 CVE-2022-22824
               CVE-2022-22825 CVE-2022-22826 CVE-2022-22827
               CVE-2022-22942 CVE-2022-23218 CVE-2022-23219
               CVE-2022-23308 CVE-2022-23852 CVE-2022-24407
               CVE-2022-25235 CVE-2022-25236 CVE-2022-25315
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.5.4 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.

Security Fix(es):

* golang: net/http/httputil: panic due to racy read of persistConn after
handler panic (CVE-2021-36221)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

3. Solution:

For details on how to install and use MTC, refer to:

https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic

5. References:

https://access.redhat.com/security/cve/CVE-2014-3577
https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-12762
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-16135
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2020-25709
https://access.redhat.com/security/cve/CVE-2020-25710
https://access.redhat.com/security/cve/CVE-2021-0920
https://access.redhat.com/security/cve/CVE-2021-3200
https://access.redhat.com/security/cve/CVE-2021-3426
https://access.redhat.com/security/cve/CVE-2021-3445
https://access.redhat.com/security/cve/CVE-2021-3521
https://access.redhat.com/security/cve/CVE-2021-3572
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3800
https://access.redhat.com/security/cve/CVE-2021-3999
https://access.redhat.com/security/cve/CVE-2021-4122
https://access.redhat.com/security/cve/CVE-2021-4154
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-21684
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22898
https://access.redhat.com/security/cve/CVE-2021-22925
https://access.redhat.com/security/cve/CVE-2021-23177
https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/cve/CVE-2021-31566
https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/cve/CVE-2021-36084
https://access.redhat.com/security/cve/CVE-2021-36085
https://access.redhat.com/security/cve/CVE-2021-36086
https://access.redhat.com/security/cve/CVE-2021-36087
https://access.redhat.com/security/cve/CVE-2021-36221
https://access.redhat.com/security/cve/CVE-2021-41190
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/cve/CVE-2021-44716
https://access.redhat.com/security/cve/CVE-2021-44717
https://access.redhat.com/security/cve/CVE-2021-45960
https://access.redhat.com/security/cve/CVE-2021-46143
https://access.redhat.com/security/cve/CVE-2022-0261
https://access.redhat.com/security/cve/CVE-2022-0318
https://access.redhat.com/security/cve/CVE-2022-0330
https://access.redhat.com/security/cve/CVE-2022-0359
https://access.redhat.com/security/cve/CVE-2022-0361
https://access.redhat.com/security/cve/CVE-2022-0392
https://access.redhat.com/security/cve/CVE-2022-0413
https://access.redhat.com/security/cve/CVE-2022-0435
https://access.redhat.com/security/cve/CVE-2022-0492
https://access.redhat.com/security/cve/CVE-2022-0516
https://access.redhat.com/security/cve/CVE-2022-0532
https://access.redhat.com/security/cve/CVE-2022-0778
https://access.redhat.com/security/cve/CVE-2022-0847
https://access.redhat.com/security/cve/CVE-2022-22816
https://access.redhat.com/security/cve/CVE-2022-22817
https://access.redhat.com/security/cve/CVE-2022-22822
https://access.redhat.com/security/cve/CVE-2022-22823
https://access.redhat.com/security/cve/CVE-2022-22824
https://access.redhat.com/security/cve/CVE-2022-22825
https://access.redhat.com/security/cve/CVE-2022-22826
https://access.redhat.com/security/cve/CVE-2022-22827
https://access.redhat.com/security/cve/CVE-2022-22942
https://access.redhat.com/security/cve/CVE-2022-23218
https://access.redhat.com/security/cve/CVE-2022-23219
https://access.redhat.com/security/cve/CVE-2022-23308
https://access.redhat.com/security/cve/CVE-2022-23852
https://access.redhat.com/security/cve/CVE-2022-24407
https://access.redhat.com/security/cve/CVE-2022-25235
https://access.redhat.com/security/cve/CVE-2022-25236
https://access.redhat.com/security/cve/CVE-2022-25315
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================