What security vulnerabilities are addressed in RHSA-2022:9047?

RHSA-2022:9047 addresses multiple vulnerabilities affecting the Migration Toolkit for Containers, including issues identified in Bugzilla.

How can I mitigate the vulnerabilities described in RHSA-2022:9047?

To mitigate the vulnerabilities in RHSA-2022:9047, it is recommended to apply the latest updates to the Migration Toolkit for Containers.

Is there a risk of data loss when applying the fix for RHSA-2022:9047?

Applying the fix for RHSA-2022:9047 is designed to enhance security without causing data loss, though backups are always recommended.

What versions of OpenShift are affected by RHSA-2022:9047?

RHSA-2022:9047 affects specific versions of the OpenShift Container Platform that utilize the Migration Toolkit for Containers.

When was the advisory for RHSA-2022:9047 released?

The advisory for RHSA-2022:9047 was released in December 2022.

Vulnerability/
RHSA-2022:9047

15/12/2022

RHSA-2022:9047: Moderate: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

First published: Thu Dec 15 2022(Updated: )

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.<br>Security Fix(es) from Bugzilla:<br><li> golang: net/<a href="http:" target="_blank">http:</a> improper sanitization of Transfer-Encoding header (CVE-2022-1705)</li> <li> golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)</li> <li> golang: encoding/xml: stack exhaustion in Decoder.Skip (CVE-2022-28131)</li> <li> golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)</li> <li> golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)</li> <li> golang: encoding/xml: stack exhaustion in Unmarshal (CVE-2022-30633)</li> <li> golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)</li> <li> golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)</li> <li> golang: crypto/tls: session tickets lack random ticket_age_add (CVE-2022-30629)</li> For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software	Affected Version	How to fix
Red Hat Migration Toolkit

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What security vulnerabilities are addressed in RHSA-2022:9047?
RHSA-2022:9047 addresses multiple vulnerabilities affecting the Migration Toolkit for Containers, including issues identified in Bugzilla.
How can I mitigate the vulnerabilities described in RHSA-2022:9047?
To mitigate the vulnerabilities in RHSA-2022:9047, it is recommended to apply the latest updates to the Migration Toolkit for Containers.
Is there a risk of data loss when applying the fix for RHSA-2022:9047?
Applying the fix for RHSA-2022:9047 is designed to enhance security without causing data loss, though backups are always recommended.
What versions of OpenShift are affected by RHSA-2022:9047?
RHSA-2022:9047 affects specific versions of the OpenShift Container Platform that utilize the Migration Toolkit for Containers.
When was the advisory for RHSA-2022:9047 released?
The advisory for RHSA-2022:9047 was released in December 2022.

agent/severity
agent/references
agent/type
agent/event
agent/last-modified-date
agent/first-publish-date
collector/redhat-errata
source/Red Hat
anchor-id/RHSA-2022:9047
agent/remedy
agent/title
agent/description
agent/trending
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/red hat
canonical/red hat migration toolkit