Issued:: 2023-06-27
Updated:: 2023-06-27

RHSA-2023:3813 - Security Advisory

Overview
Updated Images

Synopsis

Moderate: Migration Toolkit for Runtimes security update

Type/Severity

Security Advisory: Moderate

Topic

An update for mtr-operator-bundle-container, mtr-operator-container, mtr-web-container, and mtr-web-executor-container is now available for Migration Toolkit for Runtimes 1 on RHEL 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Migration Toolkit for Runtimes 1.1.1 Images

Security Fix(es):

undertow: Server identity in https connection is not checked by the undertow client (CVE-2022-4492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Migration Toolkit for Runtimes Advisory Metadata x86_64

Fixes

BZ - 2153260 - CVE-2022-4492 undertow: Server identity in https connection is not checked by the undertow client

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

aarch64

mtr/mtr-operator-bundle@sha256:6e4522f5ec12c49e5aad88536accb10eef503e1cabc1abad07ae7a746c03c676

mtr/mtr-rhel8-operator@sha256:6f2d9ac73482bc381c3f87590954ecb0632ccfe3c50b1f96d9f637d1e60101b3

mtr/mtr-web-executor-container-rhel8@sha256:dedc08bd847e3dfe8c3789ed17844f15e75edf3a4bf8786f6a7f897f6ca66d7f

ppc64le

mtr/mtr-operator-bundle@sha256:70c1c24245ce7975c50055f0a9f616cd9db4a6325c9aadc42e80a7618b7a74dd

mtr/mtr-rhel8-operator@sha256:12e80abe7c02cfbd1a179cb304bef58b72729f5821113c98e2230dda517ef4ec

mtr/mtr-web-container-rhel8@sha256:74c5ddfc32d28a9f7a08364910413ffcae2453faaded21befcf28840414c968b

mtr/mtr-web-executor-container-rhel8@sha256:5c27fad928e344f4b26b6fb68b3c21adfe695ee1707063d959fa722d72d7eef1

s390x

mtr/mtr-operator-bundle@sha256:8b608899c571a4729a241f041bfaa65c183c9e81dc1731e650f0db84c24fc274

mtr/mtr-rhel8-operator@sha256:f9b5c11144415597762706d93d1f90b2b684dbcab4dd5b83204831d0a3bf529f

mtr/mtr-web-container-rhel8@sha256:fd35bbd776cd186298a621f8122cdaa059dfa0d480eae08127e963faa5e26680

mtr/mtr-web-executor-container-rhel8@sha256:42ff12e2c4d6308a6a5d7cb262c7b20e6c2df43542249edc327a35ecccbf21e4

x86_64

mtr/mtr-operator-bundle@sha256:e43184e29882918430c515933e4669185cb49764bed4ef5da7ce2580f0a79ecd

mtr/mtr-rhel8-operator@sha256:93db684ab05b08d7a6b55e19e63934b85a758bc0b29b9c49469278ce9f6b456e

mtr/mtr-web-container-rhel8@sha256:bc3f7a7cda2b40adc2561c3dd7e2193d1da899ad6a499713bf54f4cfa8055f20

mtr/mtr-web-executor-container-rhel8@sha256:be070c36939408f3ebe40612e239be07ea495d3a4f838e84db43e2d73dc3987f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation