Red Hat Product Errata RHSA-2023:5801 - Security Advisory
Issued:
2023-10-17
Updated:
2023-10-17

RHSA-2023:5801 - Security Advisory

Synopsis

Important: Migration Toolkit for Runtimes security update

Type/Severity

Security Advisory: Important

Topic

Migration Toolkit for Runtimes 1.2.1 release

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Migration Toolkit for Runtimes 1.2.1 Images

Security Fix(es):

  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Migration Toolkit for Runtimes Advisory Metadata x86_64

Fixes

  • BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

aarch64

mtr/mtr-operator-bundle@sha256:ed8fe2d3313cea2435357cce660cc933260d3a254e66575aa8d9e6edd44531eb
mtr/mtr-rhel8-operator@sha256:74dbf338ddb1772ad6dba53c0fa185cfe4d8d8973210d67b7662d3406b26c3a6
mtr/mtr-web-executor-container-rhel8@sha256:5b39504feb5073935afc16220e297e85a1a7287f482c89b4227ef0b9b7f7f355

ppc64le

mtr/mtr-operator-bundle@sha256:a168c9110fd01e0615e62e16408688599d65dece68d5965547b50be3072bde7b
mtr/mtr-rhel8-operator@sha256:71ce5cfaf6f39e242599df08643c9512c5af0a316a3b19b45c6042154c68d236
mtr/mtr-web-container-rhel8@sha256:801e00ff1c5aa1f2dd140b448e0d39210b2ed608306777d98959afe0b77ac0cf
mtr/mtr-web-executor-container-rhel8@sha256:f5f48da94ab95be7c2b7642610af860d5bbcda300445f691d0139c2b1e23de84

s390x

mtr/mtr-operator-bundle@sha256:879263f1412ce4ebd224728713b5f353a3aff3130b052718d6cb6d763513ab85
mtr/mtr-rhel8-operator@sha256:93c10589ddcd6d5ac5a910474806ce55d7ed798c10ce8e7c430d22291f11b72b
mtr/mtr-web-container-rhel8@sha256:c7348032abd6194e7fb47e63e1f00db706c20ebee4edba53746da6d3c40f166d
mtr/mtr-web-executor-container-rhel8@sha256:f138323dcffc5d4386decaf6fdcd4c059348a5c8ce3d6392c94dc7a40440ee3d

x86_64

mtr/mtr-operator-bundle@sha256:60acebf53444e65bab7e216838cd9da49928fed27db24d75f5d1a244993f42dd
mtr/mtr-rhel8-operator@sha256:e01ce6a876935bf298a0820199aa7b462a99b7c48680da6aa3e7c113446d5d88
mtr/mtr-web-container-rhel8@sha256:d3ef4e55145f7c1d8ba413b5a57292eec0a98b0279a430ec6e09bcd7ae9b6fc6
mtr/mtr-web-executor-container-rhel8@sha256:9a8218e8ad59ef78011343e70d61b4c0b3e3eaa2ddb9470cce87102698b986a5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.