(RHSA-2023:0693) Moderate: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.

Security Fix(es) from Bugzilla:

• async: Prototype Pollution in async (CVE-2021-43138)

• golang: archive/tar: unbounded memory consumption when reading headers (CVE-2022-2879)

• golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)

• golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)

• golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)

• golang: net/url: JoinPath does not strip relative path components in all circumstances (CVE-2022-32190)

• golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

• golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

• golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service (CVE-2022-32189)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.