Red Hat Product Errata RHSA-2023:5447 - Security Advisory
Issued:
2023-10-05
Updated:
2023-10-05

RHSA-2023:5447 - Security Advisory

Synopsis

Important: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

Type/Severity

Security Advisory: Important

Topic

The Migration Toolkit for Containers (MTC) 1.8.0 is now available.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es):

  • word-wrap: ReDoS (CVE-2023-26115)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • MTC version is not displayed correctly in the UI (BZ#2233026)
  • Indirect migration is stuck on backup stage (BZ#2233097)
  • Migrated application unable to pull image from internal registry on target cluster (BZ#2233103)
  • PodVolumeRestore remain In Progress keeping the migration stuck at Stage Restore (BZ#2233868)
  • Migration failing on Azure due to authorization issue (BZ#2238974)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Migration Toolkit 1 for RHEL 8 x86_64

Fixes

  • BZ - 2216827 - CVE-2023-26115 word-wrap: ReDoS
  • BZ - 2233026 - MTC version is not displayed correctly in the UI
  • BZ - 2233097 - Indirect migration is stuck on backup stage
  • BZ - 2233103 - Migrated application unable to pull image from internal registry on target cluster
  • BZ - 2233868 - PodVolumeRestore remain In Progress keeping the migration stuck at Stage Restore
  • BZ - 2238974 - Migration failing on Azure due to authorization issue
  • MIG-1331 - MTC generates continued requests to Azure Storage API
  • MIG-1363 - Upgrade OADP dependency to latest version
  • MIG-1411 - mtc-operator specification is missing related image registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8

x86_64

rhmtc/openshift-migration-controller-rhel8@sha256:a6ffbd8eceec6cbcf1cd9e2a68bf054d83bc503a23e0761f31fd72bc2e0069e5
rhmtc/openshift-migration-hook-runner-rhel8@sha256:4ec5b490b6347b9816102e477e8c65d7fa692d4d8d81830e22d359be136693fc
rhmtc/openshift-migration-log-reader-rhel8@sha256:4545c394465e23cd99f9204a8008074125bf0e54cf14191398fa36297622178c
rhmtc/openshift-migration-must-gather-rhel8@sha256:575ca0d0f249d4cacea752057aa632da0e1b10d409d67ea07c5546ffbfff6ee7
rhmtc/openshift-migration-openvpn-rhel8@sha256:817c27901dd3e98fd43d81193c5a060c31b346616a8634338b3f281e1a11f2f3
rhmtc/openshift-migration-operator-bundle@sha256:0e34493173d117c7018af4ef6c0ab2638442acd01b9aeab9cc3ac0888906148c
rhmtc/openshift-migration-registry-rhel8@sha256:47fc548f5992663a660168b61480b28e9747994ce2763a28c5d09318c1f76e97
rhmtc/openshift-migration-rhel8-operator@sha256:f7a98e85dfeb7e25aac72654958b6daff79e3afbad3e05b4a9c8aab766970065
rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:9f9d3f87ded448205f4e3add44c2867c9df78b21b2f17cb1ecdce7000178d747
rhmtc/openshift-migration-ui-rhel8@sha256:d038c397009aaab72c067c65e3d2f58e77e3d8d8875f3e4d7c01c4d980c88139
rhmtc/openshift-migration-velero-plugin-for-mtc-rhel8@sha256:9c5cfbf88d5a9ed70d7ae1b9685558307b5822c01ed9bdea87002070edadcec7

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.