===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2024.2442
Migration Toolkit for Runtimes security, bug fix and enhancement update
19 April 2024
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Migration Toolkit for Runtimes
Publisher:         Red Hat
Operating System:  Red Hat
Resolution:        Patch/Upgrade
CVE Names:         CVE-2024-26308 CVE-2024-1300

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2024:1923

Comment: CVSS (Max):  5.9 CVE-2024-26308 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: Red Hat
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

- --------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: Migration Toolkit for Runtimes security, bug fix and enhancement update
Advisory ID:       RHSA-2024:1923
Product:           Migration Toolkit for Runtimes 1 on RHEL 8
Advisory URL:      https://access.redhat.com/errata/RHSA-2024:1923
Issue date:        2024-04-18
CVE Names:         CVE-2024-1300 CVE-2024-26308
=====================================================================

1. Summary:

Migration Toolkit for Runtimes 1.2.5 release

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Migration Toolkit for Runtimes 1 on RHEL 8 - s390x, ppc64le, arm64, amd64

3. Description:

Migration Toolkit for Runtimes 1.2.5 Images

Security Fix(es):

* vertx-core: memory leak when a TCP server is configured with TLS and SNI
  support (CVE-2024-1300)

* commons-compress: OutOfMemoryError unpacking broken Pack200 file
  (CVE-2024-26308)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

Install the latest version of the Migration Toolkit for Runtimes from the
Red Hat catalog in the OperatorHub page within your OpenShift instance.

5. Bugs fixed (https://bugzilla.redhat.com/):

2263139 - CVE-2024-1300 - io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support
2264989 - CVE-2024-26308 - commons-compress: OutOfMemoryError unpacking broken Pack200 file

6. Package List:

Migration Toolkit for Runtimes 1 on RHEL 8

7. References:

https://access.redhat.com/security/cve/CVE-2024-1300
https://access.redhat.com/security/cve/CVE-2024-26308
https://access.redhat.com/security/updates/classification/#moderate

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================