rhsa-2024_1923
Vulnerability from csaf_redhat
Published
2024-04-18 11:43
Modified
2024-11-25 02:50
Summary
Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update
Notes
Topic
Migration Toolkit for Runtimes 1.2.5 release
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Migration Toolkit for Runtimes 1.2.5 Images
Security Fix(es):
* vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)
* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Migration Toolkit for Runtimes 1.2.5 release\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives a\ndetailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Migration Toolkit for Runtimes 1.2.5 Images\n\nSecurity Fix(es):\n\n* vertx-core: memory leak when a TCP server is configured with TLS and SNI support (CVE-2024-1300)\n\n* commons-compress: OutOfMemoryError unpacking broken Pack200 file (CVE-2024-26308)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1923", "url": "https://access.redhat.com/errata/RHSA-2024:1923" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2263139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "category": "external", "summary": "2264989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989" }, { "category": "external", "summary": "WINDUPRULE-1043", "url": "https://issues.redhat.com/browse/WINDUPRULE-1043" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1923.json" } ], "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update", "tracking": { "current_release_date": "2024-11-25T02:50:13+00:00", "generator": { "date": "2024-11-25T02:50:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2024:1923", "initial_release_date": "2024-04-18T11:43:14+00:00", "revision_history": [ { "date": "2024-04-18T11:43:14+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-04-18T11:43:14+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-25T02:50:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product": { "name": "Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1", "product_identification_helper": { "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8" } } } ], "category": "product_family", "name": "Migration Toolkit for Runtimes" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "product": { "name": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "product_id": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-18" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "product": { "name": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "product_id": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-11" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "product_id": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-12" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-10" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "product": { "name": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "product_id": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-18" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "product": { "name": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "product_id": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-11" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "product_id": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-12" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-10" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "product": { "name": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "product_id": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-18" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "product": { "name": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "product_id": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-11" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-10" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "product": { "name": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "product_id": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-18" } } }, { "category": "product_version", "name": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "product": { "name": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "product_id": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-11" } } }, { "category": "product_version", "name": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "product": { "name": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "product_id": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-12" } } }, { "category": "product_version", "name": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le", "product": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le", "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le", "product_identification_helper": { "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-10" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64" }, "product_reference": "mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64" }, "product_reference": "mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x" }, "product_reference": "mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le" }, "product_reference": "mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64" }, "product_reference": "mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x" }, "product_reference": "mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "relates_to_product_reference": "8Base-MTR-1" }, { "category": "default_component_of", "full_product_name": { "name": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8", "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" }, "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le", "relates_to_product_reference": "8Base-MTR-1" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-1300", "cwe": { "id": "CWE-401", "name": "Missing Release of Memory after Effective Lifetime" }, "discovery_date": "2024-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2263139" } ], "notes": [ { "category": "description", "text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.", "title": "Vulnerability description" }, { "category": "summary", "text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support", "title": "Vulnerability summary" }, { "category": "other", "text": "This affects only TLS servers with SNI enabled.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1300" }, { "category": "external", "summary": "RHBZ#2263139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1300" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300" }, { "category": "external", "summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.", "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni." } ], "release_date": "2024-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-18T11:43:14+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1923" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support" }, { "cve": "CVE-2024-26308", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-02-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2264989" } ], "notes": [ { "category": "description", "text": "An allocation of resources without limits or throttling vulnerability was found in Apache Commons Compress. This issue can lead to an out-of-memory error.", "title": "Vulnerability description" }, { "category": "summary", "text": "commons-compress: OutOfMemoryError unpacking broken Pack200 file", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-26308" }, { "category": "external", "summary": "RHBZ#2264989", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264989" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-26308", "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26308" }, { "category": "external", "summary": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg", "url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg" }, { "category": "external", "summary": "https://www.openwall.com/lists/oss-security/2024/02/19/2", "url": "https://www.openwall.com/lists/oss-security/2024/02/19/2" } ], "release_date": "2024-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-04-18T11:43:14+00:00", "details": "Install the latest version of the Migration Toolkit for Runtimes from the Red Hat catalog in the OperatorHub page within your OpenShift instance.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1923" }, { "category": "workaround", "details": "No mitigation is currently available for this vulnerability.", "product_ids": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:6818c3c795716c2cdb80050e705be0198aed6fef11d63fd28eeb8c21bf5fcb25_amd64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8f983034ba9454f79cc57f7a2d85dc50222638f576b454a1c8e9cd557665aaf3_arm64", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:d12e0dacb99d6efa4cce47fe89f27eb6ebb3c64308d5b742d81b55fced08f63b_s390x", "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:da17b288e5503ff99d747b07062368879799b661e4a7a6354c7162da7427ea7c_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:3f19f1908b9e44ecebebe2c2fcd30f17632f2807275da0b766aeff9f44b88152_arm64", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:5e7df9c2c211b4a3230638efc87735fc702b01d42737eff48128150f02a6f204_ppc64le", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:92b03b5cccbdbf5394b4ea7a8521395d1b7fdcb1de4569dafe646f00c1c10d4c_s390x", "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:a3d0772c5ebda63371edf4f53b78f053bd9035498304e9f2091a0b76c6c26153_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:6eb6177323899560f965b9b142335be8577bcd1330d86185545d25dfa97796ca_amd64", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:86c57b36f6224c54305f7833c1452b9d3fe276f09b295978f8e95bc258593599_ppc64le", "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:9052080bb46a5009e1497a198618b76311c6eefd386810da38d5d04ea05606c4_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:1b09f65401896e35e4ad5bc4979baafb0600f83630ee97173033195f030271db_s390x", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b1076f9d028b653ff74926f09abb291395a0eb5d13c7e1522bc199fed9f68646_amd64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:b604d2e9dd393d52ba64cb39eec10cfab62d60a0b142df967de57734c87ff310_arm64", "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:f9607ef871579e739205639e31d22aad24dd777f0ae0959e9cf3a064d3d27ead_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "commons-compress: OutOfMemoryError unpacking broken Pack200 file" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.