RHSA-2024:6657 - Security Advisory

Topic

Migration Toolkit for Runtimes 1.2.7 release
Red Hat Product Security has rated this update as having a security impact of Moderate.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Migration Toolkit for Runtimes 1.2.7 ZIP artifacts

Security Fix(es):

• netty-codec-http: Allocation of Resources Without Limits or Throttling (CVE-2024-29025)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

The References section of this erratum contains a download link (you must log in to download the update).

Affected Products

• Red Hat Migration Toolkit for Runtimes Advisory Metadata x86_64

Fixes

• WINDUP-4200 - MTR 1.2.0 fail with Eexception: java.lang.ClassNotFoundException: org.eclipse.text.edits.MalformedTreeException from [Module "org.jboss.windup.ast.windup-java-ast:6.3.1.Final-redhat-00002_67e96e90-d3bc-44fe-8fc8-ac2abdeacc58" from AddonModuleLoader]

CVEs

• CVE-2024-29025

References

• https://access.redhat.com/security/updates/classification/#moderate
• https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions