- Issued: 2024-03-20
- Updated: 2024-03-20
RHSA-2024:1433 - Security Advisory
Synopsis
Moderate: Migration Toolkit for Applications security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
Migration Toolkit for Applications 7.0.2 release
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Description
Migration Toolkit for Applications 7.0.2 Images
Security Fix(es) from Bugzilla:
- golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Migration Toolkit for Applications 1 x86_64
Fixes
- BZ - 2107376 - CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- MTA-1868 - Missing text below graphs on Reports page
- MTA-1956 - Assessment status is "In progress" instead of "Not started" when the application is associated with an archived questionnaire
- MTA-1964 - [Assessment] Display risk weight for answer choices while answering a questionnaire
- MTA-2043 - [KANTRA][CLI] some errors are found in the generated logs
- MTA-1255 - [UI] Turning off "Use Refresh Tokens" (Keycloak feature) breaks MTA
- MTA-1468 - No tool-tip on hover - UI issue
- MTA-1648 - "Exclude Rules" feature doesn't exclude custom rules after analysis
- MTA-1721 - [Assessment] Exporting a questionnaire includes unnecessary metadata
- MTA-1726 - [Hub] MigrationWave StartDate and EndDate fields are not required and initialized with the same value
- MTA-1785 - Source+Dependency analysis on <JDK11 java application fails compilation
- MTA-1790 - Pagination is shown thrice on migration waves page
- MTA-1845 - "Export to Issue Manager" button should be disabled once the applications are linked to JIRA
- MTA-1872 - Cannot go back and forth with the keyboard arrows within a search box of a filter
- MTA-1880 - [Assessment] Padding on Questionnaire page can be improved
- MTA-1888 - Change request to make the term same "Review" in applications and archetypes page
- MTA-1955 - [Assessment Reports] App count in the Unassessed/Unknown chart doesn't consider apps assessed to have unknown risk
- MTA-1958 - [Application] Missing tooltip for single application Delete button: "Cannot delete application assigned to migration wave."
- MTA-1963 - [Assessment] Add show more/less options for 'Archetypes assessed' and 'Archetypes reviewed' lists on app drawer
- MTA-1965 - Add excludeFor example in questionnaire template
- MTA-1967 - App drawer incorrectly lists assessed archetypes when there are no required questionnaires
- MTA-1972 - Inherited assessment tags should get listed as assessment tags instead of archetype tags on app drawer
- MTA-1973 - App 'Assessment' status shows 'Completed' instead of 'Not started' for inherited assessment after questionnaire is archived
- MTA-2004 - [Custom rules in analysis] Source/target labels are not parsed well when manually uploading yaml file
- MTA-2007 - [Dependencies]Application inventory page shows no applications once Accessed from dependencies
- MTA-2008 - [Dependencies] Doesn't filter and navigate to the affected applications
- MTA-2018 - JBoss EAP8 should be the version selected by default in the list of targets
- MTA-2020 - Remove tackle2-addon container image from operator manifests
- MTA-2041 - [KANTRA] [CLI] the terminal doesn't display the error
- MTA-2046 - [Analyzer]Placeholders in issue description are not being interpolated using jee-example-app-1.0.0.ear
- MTA-2047 - [Analyzer] "Unable to connect" message seen on Single Application issue's Page
- MTA-2056 - [UI] The filters passed as query params are not being removed when the user clicks on "Clear all filters"
- MTA-2064 - [CLI] eap6, 7, 8 appear twice when listing targets
- MTA-2067 - [UI] Sometimes issues contain variable names instead of values
- MTA-2087 - [UI] Typo in column header in affected applications of issues
- MTA-2093 - [Dynamic Reports] Landscape filter is not working
- MTA-2099 - Rules from technology-usage appear as issues
- MTA-2101 - [Analyzer] cdi-to-quarkus-00030 rules affected file is empty
- MTA-2160 - MTA CLI does not work on arm-based machines
- MTA-2201 - MTA CLI doesn't have a version flag
- MTA-2246 - Expected camel4 violations are not generated for camel-cbr example app
- MTA-2260 - [RFE] Increase time for success alerts on all pages
- MTA-2283 - [Archetypes] Application list in the Archetype side drawer doesn't scale well
- MTA-2296 - [Assessment] Take button takes long to get rendered on Assessment actions page
- MTA-2320 - Only associated archetypes should get listed as Assessed archetypes on app side drawer
- MTA-2322 - [UI] Some application filters do not work until the user types something into it
- MTA-2343 - Pages under Migration menu take long to load
- MTA-2346 - [Assessment] discarding associated application assessment with assessed archetype shows application assessment status "Not Started"
- MTA-2351 - [CLI] MTA CLI for Linux doesn't work on arm cpus
- MTA-2354 - App 'Assessment' status shows Completed and Inheritance indicator icon even when not associated with archetypes
- MTA-2359 - Application Tags tab takes long to load
- MTA-467 - Name & Description search filter doesn't work with extra spaces
- MTA-2332 - [CLI] Openrewrite transformation commands get stuck in MacOs
CVEs
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.