A Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update has been released.

[RHSA-2023:4892-01] Moderate: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update

=====================================================================
Red Hat Security Advisory

Synopsis: Moderate: Migration Toolkit for Containers (MTC) 1.7.12 security and bug fix update
Advisory ID: RHSA-2023:4892-01
Product: Red Hat Migration Toolkit
Advisory URL: https://access.redhat.com/errata/RHSA-2023:4892
Issue date: 2023-08-31
CVE Names: CVE-2020-24736 CVE-2022-48281 CVE-2023-1667
CVE-2023-2283 CVE-2023-2828 CVE-2023-24532
CVE-2023-26604 CVE-2023-34969 CVE-2023-38408
=====================================================================

1. Summary:

The Migration Toolkit for Containers (MTC) 1.7.12 is now available.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

The Migration Toolkit for Containers (MTC) enables you to migrate
Kubernetes resources, persistent volume data, and internal container images
between OpenShift Container Platform clusters, using the MTC web console or
the Kubernetes API.

Security Fix(es):

* golang: crypto/internal/nistec: specific unreduced P-256 scalars produce
incorrect results (CVE-2023-24532)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed ( https://bugzilla.redhat.com/):

2223355 - CVE-2023-24532 golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results

5. References:

https://access.redhat.com/security/cve/CVE-2020-24736
https://access.redhat.com/security/cve/CVE-2022-48281
https://access.redhat.com/security/cve/CVE-2023-1667
https://access.redhat.com/security/cve/CVE-2023-2283
https://access.redhat.com/security/cve/CVE-2023-2828
https://access.redhat.com/security/cve/CVE-2023-24532
https://access.redhat.com/security/cve/CVE-2023-26604
https://access.redhat.com/security/cve/CVE-2023-34969
https://access.redhat.com/security/cve/CVE-2023-38408
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is [secalert@redhat.com]. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.

--