
Red Hat Security Advisory 2024-1433-03

Red Hat Security Advisory 2024-1433-03 - Migration Toolkit for Applications 7.0.2 release.

Packet Storm
The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1433.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis:           Moderate: Migration Toolkit for Applications security and bug fix update
Advisory ID:        RHSA-2024:1433-03
Product:            Migration Toolkit for Applications
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:1433
Issue date:         2024-03-20
Revision:           03
CVE Names:          CVE-2022-1962
====================================================================

Summary:

Migration Toolkit for Applications 7.0.2 release

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Migration Toolkit for Applications 7.0.2 Images

Security Fix(es) from Bugzilla:

* golang: go/parser: stack exhaustion in all Parse* functions (CVE-2022-1962)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/articles/11258

CVEs:

CVE-2022-1962

References:

https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2107376
https://issues.redhat.com/browse/MTA-1255
https://issues.redhat.com/browse/MTA-1468
https://issues.redhat.com/browse/MTA-1648
https://issues.redhat.com/browse/MTA-1721
https://issues.redhat.com/browse/MTA-1726
https://issues.redhat.com/browse/MTA-1785
https://issues.redhat.com/browse/MTA-1790
https://issues.redhat.com/browse/MTA-1845
https://issues.redhat.com/browse/MTA-1868
https://issues.redhat.com/browse/MTA-1872
https://issues.redhat.com/browse/MTA-1880
https://issues.redhat.com/browse/MTA-1888
https://issues.redhat.com/browse/MTA-1955
https://issues.redhat.com/browse/MTA-1956
https://issues.redhat.com/browse/MTA-1958
https://issues.redhat.com/browse/MTA-1963
https://issues.redhat.com/browse/MTA-1964
https://issues.redhat.com/browse/MTA-1965
https://issues.redhat.com/browse/MTA-1967
https://issues.redhat.com/browse/MTA-1972
https://issues.redhat.com/browse/MTA-1973
https://issues.redhat.com/browse/MTA-2004
https://issues.redhat.com/browse/MTA-2007
https://issues.redhat.com/browse/MTA-2008
https://issues.redhat.com/browse/MTA-2018
https://issues.redhat.com/browse/MTA-2020
https://issues.redhat.com/browse/MTA-2041
https://issues.redhat.com/browse/MTA-2043
https://issues.redhat.com/browse/MTA-2046
https://issues.redhat.com/browse/MTA-2047
https://issues.redhat.com/browse/MTA-2056
https://issues.redhat.com/browse/MTA-2064
https://issues.redhat.com/browse/MTA-2067
https://issues.redhat.com/browse/MTA-2087
https://issues.redhat.com/browse/MTA-2093
https://issues.redhat.com/browse/MTA-2099
https://issues.redhat.com/browse/MTA-2101
https://issues.redhat.com/browse/MTA-2160
https://issues.redhat.com/browse/MTA-2201
https://issues.redhat.com/browse/MTA-2246
https://issues.redhat.com/browse/MTA-2260
https://issues.redhat.com/browse/MTA-2283
https://issues.redhat.com/browse/MTA-2296
https://issues.redhat.com/browse/MTA-2320
https://issues.redhat.com/browse/MTA-2322
https://issues.redhat.com/browse/MTA-2332
https://issues.redhat.com/browse/MTA-2343
https://issues.redhat.com/browse/MTA-2346
https://issues.redhat.com/browse/MTA-2351
https://issues.redhat.com/browse/MTA-2354
https://issues.redhat.com/browse/MTA-2359
https://issues.redhat.com/browse/MTA-467

Related news

Ubuntu Security Notice USN-6038-1

Ubuntu Security Notice 6038-1 - It was discovered that the Go net/http module incorrectly handled Transfer-Encoding headers in the HTTP/1 client. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. It was discovered that Go did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a panic resulting in a denial of service.

RHSA-2022:9047: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.6 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.6 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30629: golang: crypto/tls: session tickets lack random ticket_age_add * CVE-2022-30630: golang: io/fs: stack exhaustion in G...

RHSA-2022:7529: Red Hat Security Advisory: container-tools:3.0 security update

An update for the container-tools:3.0 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1708: cri-o: memory exhaustion on the node when access to the kube api * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-21698: prometheus/client_golang: Denial of service using InstrumentHandlerCounter * CVE-...

Red Hat Security Advisory 2022-6430-01

Red Hat Security Advisory 2022-6430-01 - OpenShift API for Data Protection enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2022-6113-01

Red Hat Security Advisory 2022-6113-01 - Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler.

RHSA-2022:6113: Red Hat Security Advisory: Red Hat Application Interconnect 1.0 Release (rpms)

Red Hat Application Interconnect 1.0 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site. This is an update to the rpms for Red Hat Application Interconnect 1.0 to fix some security issues in the golang compiler. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original...

Red Hat Security Advisory 2022-6042-01

Red Hat Security Advisory 2022-6042-01 - Red Hat OpenShift Serverless Client kn 1.24.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.24.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Issues addressed include bypass and denial of service vulnerabilities.

CVE-2022-28131: [security] Go 1.18.4 and Go 1.17.12 are released

In Decoder.Skip in encoding/xml in Go before 1.17.12 and 1.18.x before 1.18.4, stack exhaustion and a panic can occur via a deeply nested XML document.

RHSA-2022:5799: Red Hat Security Advisory: go-toolset and golang security and bug fix update

An update for go-toolset and golang is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhaustion ...

RHSA-2022:5775: Red Hat Security Advisory: go-toolset:rhel8 security and bug fix update

An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-1705: golang: net/http: improper sanitization of Transfer-Encoding header * CVE-2022-1962: golang: go/parser: stack exhaustion in all Parse* functions * CVE-2022-28131: golang: encoding/xml: stack exhaustion in Decoder.Skip * CVE-2022-30630: golang: io/fs: stack exhaustion in Glob * CVE-2022-30631: golang: compress/gzip: stack exhau...
