
A Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update has been released.



RHSA-2022:0202-04: Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update



=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.6.3 security and bug fix update
Advisory ID: RHSA-2022:0202-01
Product: Red Hat Migration Toolkit
Advisory URL: https://access.redhat.com/errata/RHSA-2022:0202
Issue date: 2022-01-20
CVE Names: CVE-2016-4658 CVE-2018-5727 CVE-2018-5785
CVE-2018-20845 CVE-2018-20847 CVE-2018-25009
CVE-2018-25010 CVE-2018-25012 CVE-2018-25013
CVE-2018-25014 CVE-2019-5827 CVE-2019-12973
CVE-2019-13750 CVE-2019-13751 CVE-2019-17594
CVE-2019-17595 CVE-2019-18218 CVE-2019-19603
CVE-2019-20838 CVE-2020-10001 CVE-2020-12762
CVE-2020-13435 CVE-2020-13558 CVE-2020-14145
CVE-2020-14155 CVE-2020-15389 CVE-2020-16135
CVE-2020-17541 CVE-2020-18032 CVE-2020-24370
CVE-2020-24870 CVE-2020-27814 CVE-2020-27823
CVE-2020-27824 CVE-2020-27828 CVE-2020-27842
CVE-2020-27843 CVE-2020-27845 CVE-2020-27918
CVE-2020-29623 CVE-2020-35521 CVE-2020-35522
CVE-2020-35523 CVE-2020-35524 CVE-2020-36241
CVE-2020-36330 CVE-2020-36331 CVE-2020-36332
CVE-2021-1765 CVE-2021-1788 CVE-2021-1789
CVE-2021-1799 CVE-2021-1801 CVE-2021-1844
CVE-2021-1870 CVE-2021-1871 CVE-2021-3200
CVE-2021-3272 CVE-2021-3426 CVE-2021-3445
CVE-2021-3481 CVE-2021-3572 CVE-2021-3575
CVE-2021-3580 CVE-2021-3712 CVE-2021-3733
CVE-2021-3778 CVE-2021-3796 CVE-2021-3800
CVE-2021-3948 CVE-2021-20231 CVE-2021-20232
CVE-2021-20266 CVE-2021-20271 CVE-2021-20321
CVE-2021-21775 CVE-2021-21779 CVE-2021-21806
CVE-2021-22876 CVE-2021-22898 CVE-2021-22925
CVE-2021-22946 CVE-2021-22947 CVE-2021-26926
CVE-2021-26927 CVE-2021-27645 CVE-2021-28153
CVE-2021-28650 CVE-2021-29338 CVE-2021-30663
CVE-2021-30665 CVE-2021-30682 CVE-2021-30689
CVE-2021-30720 CVE-2021-30734 CVE-2021-30744
CVE-2021-30749 CVE-2021-30758 CVE-2021-30795
CVE-2021-30797 CVE-2021-30799 CVE-2021-31535
CVE-2021-33560 CVE-2021-33574 CVE-2021-33928
CVE-2021-33929 CVE-2021-33930 CVE-2021-33938
CVE-2021-35942 CVE-2021-36084 CVE-2021-36085
CVE-2021-36086 CVE-2021-36087 CVE-2021-37750
CVE-2021-41617 CVE-2021-42574 CVE-2021-43527
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.6.3 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.

Security Fix(es):

* mig-controller: incorrect namespaces handling may lead to not authorized
usage of Migration Toolkit for Containers (MTC) (CVE-2021-3948)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to install and use MTC, refer to:

  https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html

4. Bugs fixed (https://bugzilla.redhat.com/):

2019088 - "MigrationController" CR displays syntax error when unquiescing applications
2021666 - Route name longer than 63 characters causes direct volume migration to fail
2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes
2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC)
2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image
2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console
2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout
2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error
2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource
2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef"

5. References:

  https://access.redhat.com/security/cve/CVE-2016-4658
  https://access.redhat.com/security/cve/CVE-2018-5727
  https://access.redhat.com/security/cve/CVE-2018-5785
  https://access.redhat.com/security/cve/CVE-2018-20845
  https://access.redhat.com/security/cve/CVE-2018-20847
  https://access.redhat.com/security/cve/CVE-2018-25009
  https://access.redhat.com/security/cve/CVE-2018-25010
  https://access.redhat.com/security/cve/CVE-2018-25012
  https://access.redhat.com/security/cve/CVE-2018-25013
  https://access.redhat.com/security/cve/CVE-2018-25014
  https://access.redhat.com/security/cve/CVE-2019-5827
  https://access.redhat.com/security/cve/CVE-2019-12973
  https://access.redhat.com/security/cve/CVE-2019-13750
  https://access.redhat.com/security/cve/CVE-2019-13751
  https://access.redhat.com/security/cve/CVE-2019-17594
  https://access.redhat.com/security/cve/CVE-2019-17595
  https://access.redhat.com/security/cve/CVE-2019-18218
  https://access.redhat.com/security/cve/CVE-2019-19603
  https://access.redhat.com/security/cve/CVE-2019-20838
  https://access.redhat.com/security/cve/CVE-2020-10001
  https://access.redhat.com/security/cve/CVE-2020-12762
  https://access.redhat.com/security/cve/CVE-2020-13435
  https://access.redhat.com/security/cve/CVE-2020-13558
  https://access.redhat.com/security/cve/CVE-2020-14145
  https://access.redhat.com/security/cve/CVE-2020-14155
  https://access.redhat.com/security/cve/CVE-2020-15389
  https://access.redhat.com/security/cve/CVE-2020-16135
  https://access.redhat.com/security/cve/CVE-2020-17541
  https://access.redhat.com/security/cve/CVE-2020-18032
  https://access.redhat.com/security/cve/CVE-2020-24370
  https://access.redhat.com/security/cve/CVE-2020-24870
  https://access.redhat.com/security/cve/CVE-2020-27814
  https://access.redhat.com/security/cve/CVE-2020-27823
  https://access.redhat.com/security/cve/CVE-2020-27824
  https://access.redhat.com/security/cve/CVE-2020-27828
  https://access.redhat.com/security/cve/CVE-2020-27842
  https://access.redhat.com/security/cve/CVE-2020-27843
  https://access.redhat.com/security/cve/CVE-2020-27845
  https://access.redhat.com/security/cve/CVE-2020-27918
  https://access.redhat.com/security/cve/CVE-2020-29623
  https://access.redhat.com/security/cve/CVE-2020-35521
  https://access.redhat.com/security/cve/CVE-2020-35522
  https://access.redhat.com/security/cve/CVE-2020-35523
  https://access.redhat.com/security/cve/CVE-2020-35524
  https://access.redhat.com/security/cve/CVE-2020-36241
  https://access.redhat.com/security/cve/CVE-2020-36330
  https://access.redhat.com/security/cve/CVE-2020-36331
  https://access.redhat.com/security/cve/CVE-2020-36332
  https://access.redhat.com/security/cve/CVE-2021-1765
  https://access.redhat.com/security/cve/CVE-2021-1788
  https://access.redhat.com/security/cve/CVE-2021-1789
  https://access.redhat.com/security/cve/CVE-2021-1799
  https://access.redhat.com/security/cve/CVE-2021-1801
  https://access.redhat.com/security/cve/CVE-2021-1844
  https://access.redhat.com/security/cve/CVE-2021-1870
  https://access.redhat.com/security/cve/CVE-2021-1871
  https://access.redhat.com/security/cve/CVE-2021-3200
  https://access.redhat.com/security/cve/CVE-2021-3272
  https://access.redhat.com/security/cve/CVE-2021-3426
  https://access.redhat.com/security/cve/CVE-2021-3445
  https://access.redhat.com/security/cve/CVE-2021-3481
  https://access.redhat.com/security/cve/CVE-2021-3572
  https://access.redhat.com/security/cve/CVE-2021-3575
  https://access.redhat.com/security/cve/CVE-2021-3580
  https://access.redhat.com/security/cve/CVE-2021-3712
  https://access.redhat.com/security/cve/CVE-2021-3733
  https://access.redhat.com/security/cve/CVE-2021-3778
  https://access.redhat.com/security/cve/CVE-2021-3796
  https://access.redhat.com/security/cve/CVE-2021-3800
  https://access.redhat.com/security/cve/CVE-2021-3948
  https://access.redhat.com/security/cve/CVE-2021-20231
  https://access.redhat.com/security/cve/CVE-2021-20232
  https://access.redhat.com/security/cve/CVE-2021-20266
  https://access.redhat.com/security/cve/CVE-2021-20271
  https://access.redhat.com/security/cve/CVE-2021-20321
  https://access.redhat.com/security/cve/CVE-2021-21775
  https://access.redhat.com/security/cve/CVE-2021-21779
  https://access.redhat.com/security/cve/CVE-2021-21806
  https://access.redhat.com/security/cve/CVE-2021-22876
  https://access.redhat.com/security/cve/CVE-2021-22898
  https://access.redhat.com/security/cve/CVE-2021-22925
  https://access.redhat.com/security/cve/CVE-2021-22946
  https://access.redhat.com/security/cve/CVE-2021-22947
  https://access.redhat.com/security/cve/CVE-2021-26926
  https://access.redhat.com/security/cve/CVE-2021-26927
  https://access.redhat.com/security/cve/CVE-2021-27645
  https://access.redhat.com/security/cve/CVE-2021-28153
  https://access.redhat.com/security/cve/CVE-2021-28650
  https://access.redhat.com/security/cve/CVE-2021-29338
  https://access.redhat.com/security/cve/CVE-2021-30663
  https://access.redhat.com/security/cve/CVE-2021-30665
  https://access.redhat.com/security/cve/CVE-2021-30682
  https://access.redhat.com/security/cve/CVE-2021-30689
  https://access.redhat.com/security/cve/CVE-2021-30720
  https://access.redhat.com/security/cve/CVE-2021-30734
  https://access.redhat.com/security/cve/CVE-2021-30744
  https://access.redhat.com/security/cve/CVE-2021-30749
  https://access.redhat.com/security/cve/CVE-2021-30758
  https://access.redhat.com/security/cve/CVE-2021-30795
  https://access.redhat.com/security/cve/CVE-2021-30797
  https://access.redhat.com/security/cve/CVE-2021-30799
  https://access.redhat.com/security/cve/CVE-2021-31535
  https://access.redhat.com/security/cve/CVE-2021-33560
  https://access.redhat.com/security/cve/CVE-2021-33574
  https://access.redhat.com/security/cve/CVE-2021-33928
  https://access.redhat.com/security/cve/CVE-2021-33929
  https://access.redhat.com/security/cve/CVE-2021-33930
  https://access.redhat.com/security/cve/CVE-2021-33938
  https://access.redhat.com/security/cve/CVE-2021-35942
  https://access.redhat.com/security/cve/CVE-2021-36084
  https://access.redhat.com/security/cve/CVE-2021-36085
  https://access.redhat.com/security/cve/CVE-2021-36086
  https://access.redhat.com/security/cve/CVE-2021-36087
  https://access.redhat.com/security/cve/CVE-2021-37750
  https://access.redhat.com/security/cve/CVE-2021-41617
  https://access.redhat.com/security/cve/CVE-2021-42574
  https://access.redhat.com/security/cve/CVE-2021-43527
  https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.