Red Hat Security Advisory 2022-0202-04 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.
194b1fb3244796d500710e340e920f92f4abc83abbfaacd11163fd0cbe51025b
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update
Advisory ID: RHSA-2022:0202-01
Product: Red Hat Migration Toolkit
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0202
Issue date: 2022-01-20
CVE Names: CVE-2016-4658 CVE-2018-5727 CVE-2018-5785
CVE-2018-20845 CVE-2018-20847 CVE-2018-25009
CVE-2018-25010 CVE-2018-25012 CVE-2018-25013
CVE-2018-25014 CVE-2019-5827 CVE-2019-12973
CVE-2019-13750 CVE-2019-13751 CVE-2019-17594
CVE-2019-17595 CVE-2019-18218 CVE-2019-19603
CVE-2019-20838 CVE-2020-10001 CVE-2020-12762
CVE-2020-13435 CVE-2020-13558 CVE-2020-14145
CVE-2020-14155 CVE-2020-15389 CVE-2020-16135
CVE-2020-17541 CVE-2020-18032 CVE-2020-24370
CVE-2020-24870 CVE-2020-27814 CVE-2020-27823
CVE-2020-27824 CVE-2020-27828 CVE-2020-27842
CVE-2020-27843 CVE-2020-27845 CVE-2020-27918
CVE-2020-29623 CVE-2020-35521 CVE-2020-35522
CVE-2020-35523 CVE-2020-35524 CVE-2020-36241
CVE-2020-36330 CVE-2020-36331 CVE-2020-36332
CVE-2021-1765 CVE-2021-1788 CVE-2021-1789
CVE-2021-1799 CVE-2021-1801 CVE-2021-1844
CVE-2021-1870 CVE-2021-1871 CVE-2021-3200
CVE-2021-3272 CVE-2021-3426 CVE-2021-3445
CVE-2021-3481 CVE-2021-3572 CVE-2021-3575
CVE-2021-3580 CVE-2021-3712 CVE-2021-3733
CVE-2021-3778 CVE-2021-3796 CVE-2021-3800
CVE-2021-3948 CVE-2021-20231 CVE-2021-20232
CVE-2021-20266 CVE-2021-20271 CVE-2021-20321
CVE-2021-21775 CVE-2021-21779 CVE-2021-21806
CVE-2021-22876 CVE-2021-22898 CVE-2021-22925
CVE-2021-22946 CVE-2021-22947 CVE-2021-26926
CVE-2021-26927 CVE-2021-27645 CVE-2021-28153
CVE-2021-28650 CVE-2021-29338 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799 CVE-2021-31535
CVE-2021-33560 CVE-2021-33574 CVE-2021-33928
CVE-2021-33929 CVE-2021-33930 CVE-2021-33938
CVE-2021-35942 CVE-2021-36084 CVE-2021-36085
CVE-2021-36086 CVE-2021-36087 CVE-2021-37750
CVE-2021-41617 CVE-2021-42574 CVE-2021-43527
====================================================================
1. Summary:
The Migration Toolkit for Containers (MTC) 1.6.3 is now available.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Description:
The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.
Security Fix(es):
* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
For details on how to install and use MTC, refer to:
https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html
4. Bugs fixed (https://bugzilla.redhat.com/):
2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"
5. References:
https://access.redhat.com/security/cve/CVE-2016-4658
https://access.redhat.com/security/cve/CVE-2018-5727
https://access.redhat.com/security/cve/CVE-2018-5785
https://access.redhat.com/security/cve/CVE-2018-20845
https://access.redhat.com/security/cve/CVE-2018-20847
https://access.redhat.com/security/cve/CVE-2018-25009
https://access.redhat.com/security/cve/CVE-2018-25010
https://access.redhat.com/security/cve/CVE-2018-25012
https://access.redhat.com/security/cve/CVE-2018-25013
https://access.redhat.com/security/cve/CVE-2018-25014
https://access.redhat.com/security/cve/CVE-2019-5827
https://access.redhat.com/security/cve/CVE-2019-12973
https://access.redhat.com/security/cve/CVE-2019-13750
https://access.redhat.com/security/cve/CVE-2019-13751
https://access.redhat.com/security/cve/CVE-2019-17594
https://access.redhat.com/security/cve/CVE-2019-17595
https://access.redhat.com/security/cve/CVE-2019-18218
https://access.redhat.com/security/cve/CVE-2019-19603
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-10001
https://access.redhat.com/security/cve/CVE-2020-12762
https://access.redhat.com/security/cve/CVE-2020-13435
https://access.redhat.com/security/cve/CVE-2020-13558
https://access.redhat.com/security/cve/CVE-2020-14145
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-15389
https://access.redhat.com/security/cve/CVE-2020-16135
https://access.redhat.com/security/cve/CVE-2020-17541
https://access.redhat.com/security/cve/CVE-2020-18032
https://access.redhat.com/security/cve/CVE-2020-24370
https://access.redhat.com/security/cve/CVE-2020-24870
https://access.redhat.com/security/cve/CVE-2020-27814
https://access.redhat.com/security/cve/CVE-2020-27823
https://access.redhat.com/security/cve/CVE-2020-27824
https://access.redhat.com/security/cve/CVE-2020-27828
https://access.redhat.com/security/cve/CVE-2020-27842
https://access.redhat.com/security/cve/CVE-2020-27843
https://access.redhat.com/security/cve/CVE-2020-27845
https://access.redhat.com/security/cve/CVE-2020-27918
https://access.redhat.com/security/cve/CVE-2020-29623
https://access.redhat.com/security/cve/CVE-2020-35521
https://access.redhat.com/security/cve/CVE-2020-35522
https://access.redhat.com/security/cve/CVE-2020-35523
https://access.redhat.com/security/cve/CVE-2020-35524
https://access.redhat.com/security/cve/CVE-2020-36241
https://access.redhat.com/security/cve/CVE-2020-36330
https://access.redhat.com/security/cve/CVE-2020-36331
https://access.redhat.com/security/cve/CVE-2020-36332
https://access.redhat.com/security/cve/CVE-2021-1765
https://access.redhat.com/security/cve/CVE-2021-1788
https://access.redhat.com/security/cve/CVE-2021-1789
https://access.redhat.com/security/cve/CVE-2021-1799
https://access.redhat.com/security/cve/CVE-2021-1801
https://access.redhat.com/security/cve/CVE-2021-1844
https://access.redhat.com/security/cve/CVE-2021-1870
https://access.redhat.com/security/cve/CVE-2021-1871
https://access.redhat.com/security/cve/CVE-2021-3200
https://access.redhat.com/security/cve/CVE-2021-3272
https://access.redhat.com/security/cve/CVE-2021-3426
https://access.redhat.com/security/cve/CVE-2021-3445
https://access.redhat.com/security/cve/CVE-2021-3481
https://access.redhat.com/security/cve/CVE-2021-3572
https://access.redhat.com/security/cve/CVE-2021-3575
https://access.redhat.com/security/cve/CVE-2021-3580
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-3733
https://access.redhat.com/security/cve/CVE-2021-3778
https://access.redhat.com/security/cve/CVE-2021-3796
https://access.redhat.com/security/cve/CVE-2021-3800
https://access.redhat.com/security/cve/CVE-2021-3948
https://access.redhat.com/security/cve/CVE-2021-20231
https://access.redhat.com/security/cve/CVE-2021-20232
https://access.redhat.com/security/cve/CVE-2021-20266
https://access.redhat.com/security/cve/CVE-2021-20271
https://access.redhat.com/security/cve/CVE-2021-20321
https://access.redhat.com/security/cve/CVE-2021-21775
https://access.redhat.com/security/cve/CVE-2021-21779
https://access.redhat.com/security/cve/CVE-2021-21806
https://access.redhat.com/security/cve/CVE-2021-22876
https://access.redhat.com/security/cve/CVE-2021-22898
https://access.redhat.com/security/cve/CVE-2021-22925
https://access.redhat.com/security/cve/CVE-2021-22946
https://access.redhat.com/security/cve/CVE-2021-22947
https://access.redhat.com/security/cve/CVE-2021-26926
https://access.redhat.com/security/cve/CVE-2021-26927
https://access.redhat.com/security/cve/CVE-2021-27645
https://access.redhat.com/security/cve/CVE-2021-28153
https://access.redhat.com/security/cve/CVE-2021-28650
https://access.redhat.com/security/cve/CVE-2021-29338
https://access.redhat.com/security/cve/CVE-2021-30663
https://access.redhat.com/security/cve/CVE-2021-30665
https://access.redhat.com/security/cve/CVE-2021-30682
https://access.redhat.com/security/cve/CVE-2021-30689
https://access.redhat.com/security/cve/CVE-2021-30720
https://access.redhat.com/security/cve/CVE-2021-30734
https://access.redhat.com/security/cve/CVE-2021-30744
https://access.redhat.com/security/cve/CVE-2021-30749
https://access.redhat.com/security/cve/CVE-2021-30758
https://access.redhat.com/security/cve/CVE-2021-30795
https://access.redhat.com/security/cve/CVE-2021-30797
https://access.redhat.com/security/cve/CVE-2021-30799
https://access.redhat.com/security/cve/CVE-2021-31535
https://access.redhat.com/security/cve/CVE-2021-33560
https://access.redhat.com/security/cve/CVE-2021-33574
https://access.redhat.com/security/cve/CVE-2021-33928
https://access.redhat.com/security/cve/CVE-2021-33929
https://access.redhat.com/security/cve/CVE-2021-33930
https://access.redhat.com/security/cve/CVE-2021-33938
https://access.redhat.com/security/cve/CVE-2021-35942
https://access.redhat.com/security/cve/CVE-2021-36084
https://access.redhat.com/security/cve/CVE-2021-36085
https://access.redhat.com/security/cve/CVE-2021-36086
https://access.redhat.com/security/cve/CVE-2021-36087
https://access.redhat.com/security/cve/CVE-2021-37750
https://access.redhat.com/security/cve/CVE-2021-41617
https://access.redhat.com/security/cve/CVE-2021-42574
https://access.redhat.com/security/cve/CVE-2021-43527
https://access.redhat.com/security/updates/classification/#moderate
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYelE49zjgjWX9erEAQjSRRAApKO30btZGnyA5feQQvEWah03Rb0Fdq4Z
lZrWNkwHcj42c3dvonp8WHc6ROQoXRr9myr+EXyji3/lKDPWes4HQ0u70WM2v2RE
qLqCnv6fT0/kJ0/liAsVlzyBsjBzf19Q8KT2cN/GslvfaFEPg3AqtEXVx51glDfB
D9c3BSCdA5OBzmVW/7Em18Gtg197tl1lhfRZrd0xOmJm9uiZcbgAr77FCgYel9OS
pjcemaheHSJ48dhp+r1D7FSRhCo7/OBcB/DM1jAqWKiT6LmiBE4zJ3HtepCMVDKJ
SUDpn2vW29jQBhb+pTI8lSyPO0u2qqsF5qMnIYfCj2tigaW5AdevVZvBftd1d+9j
AGdcOaPyKzqrp3sq2/oCe1o1KqUGMFXOAEbITK+7KagACKbA9UoF9VHgALZFzUMm
iNXoQh/zpWwSWkp4YWukz2nTqcgJEL40w6loShfU5jKSDcz9J5jekYWTPTVAZrOm
4fxUhijdK+sqQEifhtPfSoxm1JSIScGcSry4qwbfJ87RJInYbINMjci/CwMaYDDu
D/oowaQZdpWT8X080arwo7utlnczQ/d9nzEWvpPSkUXELBfOdyQy4X2j/L+n2Tt5
8H3Gpjj/VksCUzwv5aVtRCcgI+mJnVpET0MRMS+HMf1o8T8yetJTYunwWEyKNYJv
kUeopBhYilYZl
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce