===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2024.1695
Migration Toolkit for Applications security and bug fix update
21 March 2024
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Migration Toolkit for Applications
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-1962
Original Bulletin: https://access.redhat.com/errata/RHSA-2024:1433

Comment: CVSS (Max):  5.5 CVE-2022-1962 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Applications security and bug fix update
Advisory ID:       RHSA-2024:1433
Product:           MTA 7.0 for RHEL 9
Advisory URL:      https://access.redhat.com/errata/RHSA-2024:1433
Issue date:        2024-03-20
CVE Names:         CVE-2022-1962
=====================================================================

1. Summary:

Migration Toolkit for Applications 7.0.2 release

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

MTA 7.0 for RHEL 9 - amd64, arm64
MTA 7.0 for RHEL 8 - amd64, arm64

3. Description:

Migration Toolkit for Applications 7.0.2 Images

Security Fix(es) from Bugzilla:

* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2107376 - CVE-2022-1962 - golang: go/parser: stack exhaustion in all Parse* functions

6. Package List:

7. References:

https://access.redhat.com/security/cve/CVE-2022-1962
https://access.redhat.com/security/updates/classification/#moderate

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content.
The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================