RHSA-2023:1286: Important: Migration Toolkit for Runtimes security bug fix and enhancement update

Published Mar 16, 2023

Updated

Migration Toolkit for Runtimes 1.0.2 Images<br>Security Fix(es):<br><li> spring-security-oauth2-client: Privilege Escalation in spring-security-oauth2-client (CVE-2022-31690)</li> <li> xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow (CVE-2022-41966)</li> <li> Apache CXF: SSRF Vulnerability (CVE-2022-46364)</li> For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Software

0 affected components

Remediation

Event History

Feb 20, 2024

Advisory Published

via Red Hat·11:54 PM

Data Sourced

via Red Hat·11:54 PM

RemedyDescriptionAffected Software

Frequently Asked Questions

What is the severity of RHSA-2023:1286?

The severity of RHSA-2023:1286 is critical due to the vulnerabilities it addresses.

How do I fix RHSA-2023:1286?

To fix RHSA-2023:1286, update to the latest version of the affected packages as advised.

What vulnerabilities are addressed in RHSA-2023:1286?

RHSA-2023:1286 addresses a privilege escalation vulnerability in spring-security-oauth2-client and a denial of service issue in xstream.

What is CVE-2022-31690 relevant to RHSA-2023:1286?

CVE-2022-31690 is a privilege escalation vulnerability in spring-security-oauth2-client that is specifically addressed in RHSA-2023:1286.

Is RHSA-2023:1286 applicable to all Migration Toolkit for Runtimes users?

Yes, RHSA-2023:1286 is applicable to all users running affected versions of Migration Toolkit for Runtimes.