Red Hat Product Errata RHSA-2024:2639 - Security Advisory
Issued:
2024-05-01
Updated:
2024-05-01

RHSA-2024:2639 - Security Advisory

Synopsis

Moderate: Migration Toolkit for Containers (MTC) 1.7.15 security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

The Migration Toolkit for Containers (MTC) 1.7.15 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

Description

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es) from Bugzilla:

  • golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
  • jose-go: improper handling of highly compressed data (CVE-2024-28180)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Migration Toolkit 1 for RHEL 8 x86_64

Fixes

  • BZ - 2268046 - CVE-2024-24786 golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON
  • BZ - 2268854 - CVE-2024-28180 jose-go: improper handling of highly compressed data

x86_64

rhmtc/openshift-migration-controller-rhel8@sha256:c312ff737af8d68dd54d16478940ec45b263aeafae10692d1b415b67e4ff85dd
rhmtc/openshift-migration-hook-runner-rhel8@sha256:efe71724a81189dd6f32790706f4412c6e3705c78586bfc87bbd7a439c45e982
rhmtc/openshift-migration-legacy-rhel8-operator@sha256:75107be29b4092fd644436000bff239dbfe9f4c5a4abb039737202bf14e73ca4
rhmtc/openshift-migration-log-reader-rhel8@sha256:c5b5d49ca6f6a00b5d1afa289df8d80ce016ae31ab9e5e5df5fc0e1aa2410fcf
rhmtc/openshift-migration-must-gather-rhel8@sha256:12c15fb95fb9928172bd0a7fed31e1fc95a360a56db958df88fe4368bbd6f463
rhmtc/openshift-migration-openvpn-rhel8@sha256:d6d4e2c3717f82bd85d81f8992bbb81c30f5423ce4a9c2c781f3f13f4fcf7d2a
rhmtc/openshift-migration-operator-bundle@sha256:1b1f273e6ed2300ca64962f18a0402bba8a60c0629bb94da6aa16b90986ee558
rhmtc/openshift-migration-registry-rhel8@sha256:dda43dae1989c7f55471990df74b48584dc0789d1c94ce8cec7c9c06e134ddc8
rhmtc/openshift-migration-rhel8-operator@sha256:d5f8a6eea65665dfc14d7f6b8700c984720a0663ff15325ada113f39dc79fa77
rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:d128bd063bae38f4a7405932ccf1f71a00deeea8fcae9ac86889556444c90bc1
rhmtc/openshift-migration-ui-rhel8@sha256:39500437728e982296795d9e116a772221ec1f36d357d01918b82abf97b3aaa2
rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:3452d0015f671f42d1282d7843f0511be7b3c218596d966dbe124203e4269530
rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:2749cf7874d8b93ea1a3840057328857c94531f65d1034909a36bb49afccb7a2
rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:f6e3192d3e604e7b01e58e3dd8ecb16d93e4c7766c50b5b835256b9e55a36347
rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:d629598125de25b737c5a3e89b7c00716e83d1953a9d8b5bde802df07af8c1ee
rhmtc/openshift-migration-velero-rhel8@sha256:1af9e6a419b14dbeaa3953fcd69a34ca4a52d23ea5c021d06ca836054a4308c5
rhmtc/openshift-velero-plugin-rhel8@sha256:9d7b7894a61cb8e3a1037c1b874f3122ccc1dafc86b657bedf68350fde9ac0b8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.