- Issued: 2024-05-23
- Updated: 2024-05-23
RHSA-2024:3316 - Important: Migration Toolkit for Applications security and bug fix update
Synopsis
Important: Migration Toolkit for Applications security and bug fix update
Type/Severity
Security Advisory Important
Topic
Migration Toolkit for Applications 7.0.3 release
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Migration Toolkit for Applications 7.0.3 Images
Security Fix(es) from Bugzilla:
- golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288)
- webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180)
- axios: exposure of confidential data stored in cookies (CVE-2023-45857)
- css-tools: Improper Input Validation causes Denial of Service via Regular Expression (CVE-2023-26364)
- go-resty: HTTP request body disclosure in github.com/go-resty/resty/v2 (CVE-2023-45286)
- golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges (CVE-2023-45287)
- golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
- css-tools: regular expression denial of service (ReDoS) when parsing CSS (CVE-2023-48631)
- follow-redirects: Improper Input Validation due to the improper handling of URLs by url.parse() (CVE-2023-26159)
- golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
- follow-redirects: Possible credential leak (CVE-2024-28849)
Solution
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Migration Toolkit for Applications | Container Advisories | x86_64 |
Fixes
- BZ - 2248979
- BZ - 2250364
- BZ - 2252012
- BZ - 2253193
- BZ - 2253330
- BZ - 2254559
- BZ - 2256413
- BZ - 2268046
- BZ - 2268273
- BZ - 2269576
- BZ - 2270863
- MTA-1578
- MTA-1959
- MTA-1961
- MTA-1970
- MTA-1997
- MTA-2003
- MTA-2117
- MTA-2186
- MTA-2224
- MTA-2243
- MTA-2287
- MTA-2308
- MTA-2314
- MTA-2341
- MTA-2380
- MTA-2400
- MTA-2409
- MTA-2410
- MTA-2426
- MTA-2427
- MTA-2451
- MTA-2452
- MTA-2495
- MTA-2503
- MTA-2505
- MTA-2512
- MTA-2513
- MTA-2518
- MTA-2550
- MTA-2560
- MTA-2563
- MTA-2616
- MTA-2652
- MTA-2654
- MTA-2661
- MTA-2681
- MTA-2781
CVEs
- CVE-2021-43618
- CVE-2022-48554
- CVE-2022-48624
- CVE-2023-2975
- CVE-2023-3446
- CVE-2023-3817
- CVE-2023-4408
- CVE-2023-5678
- CVE-2023-6129
- CVE-2023-6237
- CVE-2023-6240
- CVE-2023-7008
- CVE-2023-25193
- CVE-2023-26159
- CVE-2023-26364
- CVE-2023-28322
- CVE-2023-38469
- CVE-2023-38470
- CVE-2023-38471
- CVE-2023-38472
- CVE-2023-38473
- CVE-2023-38546
- CVE-2023-39326
- CVE-2023-43785
- CVE-2023-43786
- CVE-2023-43787
- CVE-2023-45286
- CVE-2023-45287
- CVE-2023-45288
- CVE-2023-45289
- CVE-2023-45290
- CVE-2023-45857
- CVE-2023-46218
- CVE-2023-47038
- CVE-2023-48631
- CVE-2023-50387
- CVE-2023-50868
- CVE-2023-52425
- CVE-2024-0727
- CVE-2024-1394
- CVE-2024-1488
- CVE-2024-2961
- CVE-2024-21011
- CVE-2024-21012
- CVE-2024-21068
- CVE-2024-21094
- CVE-2024-22365
- CVE-2024-24783
- CVE-2024-24784
- CVE-2024-24785
- CVE-2024-24786
- CVE-2024-25062
- CVE-2024-25742
- CVE-2024-25743
- CVE-2024-28834
- CVE-2024-28835
- CVE-2024-28849
- CVE-2024-29180
References
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data is available for integration with other systems. See the Offline Security Data API to get started.