[RHSA-2024:2952] resource-agents security and bug fix update
Severity
Moderate
Affected Packages
10
CVEs
2
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.
Security Fix(es):
urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/redhat/resource-agents?arch=x86_64&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents?arch=s390x&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents?arch=ppc64le&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents?arch=aarch64&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents-paf?arch=x86_64&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents-paf?arch=s390x&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents-paf?arch=ppc64le&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents-paf?arch=aarch64&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents-gcp?arch=x86_64&distro=redhat-8
|
< 4.9.0-54.el8 |
|
pkg:rpm/redhat/resource-agents-aliyun?arch=x86_64&distro=redhat-8
|
< 4.9.0-54.el8 |
- ID
- RHSA-2024:2952
- Severity
- moderate
- URL
- https://access.redhat.com/errata/RHSA-2024:2952
- Published
-
2024-05-22T00:00:00
(4 months ago) - Modified
-
2024-05-22T00:00:00
(4 months ago) - Rights
- Copyright 2024 Red Hat, Inc.
- Other Advisories
-
-
ALAS2-2024-2387
-
ALPINE:CVE-2023-45803
-
ALSA-2024:0116
-
ALSA-2024:0464
-
ALSA-2024:2132
-
ALSA-2024:2968
-
ELSA-2024-0116
-
ELSA-2024-0464
-
ELSA-2024-2132
-
ELSA-2024-2968
-
ELSA-2024-2988
-
FEDORA-2023-18f03a150d
-
FEDORA-2023-932b0c86f4
-
FEDORA-2023-dede912109
-
PYSEC-2023-212
-
PYSEC-2024-3
-
RHSA-2024:0116
-
RHSA-2024:0464
-
RHSA-2024:2132
-
RHSA-2024:2968
-
RHSA-2024:2988
-
RLSA-2024:2968
-
SUSE-SU-2023:4352-1
-
SUSE-SU-2023:4356-1
-
SUSE-SU-2023:4467-1
-
SUSE-SU-2023:4468-1
-
SUSE-SU-2024:0557-1
-
SUSE-SU-2024:0585-1
-
SUSE-SU-2024:0601-1
-
SUSE-SU-2024:2462-1
-
USN-6473-1
-
USN-6473-2
-
USN-6595-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 2246840 |
|
|
| Bugzilla | 2257028 |
|
|
| RHSA | RHSA-2024:2952 |
|
|
| CVE | CVE-2023-45803 |
|
|
| CVE | CVE-2023-52323 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/redhat/resource-agents?arch=x86_64&distro=redhat-8 | redhat |
resource-agents
|
< 4.9.0-54.el8 | redhat-8 | x86_64 | |
| Affected | pkg:rpm/redhat/resource-agents?arch=s390x&distro=redhat-8 | redhat |
resource-agents
|
< 4.9.0-54.el8 | redhat-8 | s390x | |
| Affected | pkg:rpm/redhat/resource-agents?arch=ppc64le&distro=redhat-8 | redhat |
resource-agents
|
< 4.9.0-54.el8 | redhat-8 | ppc64le | |
| Affected | pkg:rpm/redhat/resource-agents?arch=aarch64&distro=redhat-8 | redhat |
resource-agents
|
< 4.9.0-54.el8 | redhat-8 | aarch64 | |
| Affected | pkg:rpm/redhat/resource-agents-paf?arch=x86_64&distro=redhat-8 | redhat |
resource-agents-paf
|
< 4.9.0-54.el8 | redhat-8 | x86_64 | |
| Affected | pkg:rpm/redhat/resource-agents-paf?arch=s390x&distro=redhat-8 | redhat |
resource-agents-paf
|
< 4.9.0-54.el8 | redhat-8 | s390x | |
| Affected | pkg:rpm/redhat/resource-agents-paf?arch=ppc64le&distro=redhat-8 | redhat |
resource-agents-paf
|
< 4.9.0-54.el8 | redhat-8 | ppc64le | |
| Affected | pkg:rpm/redhat/resource-agents-paf?arch=aarch64&distro=redhat-8 | redhat |
resource-agents-paf
|
< 4.9.0-54.el8 | redhat-8 | aarch64 | |
| Affected | pkg:rpm/redhat/resource-agents-gcp?arch=x86_64&distro=redhat-8 | redhat |
resource-agents-gcp
|
< 4.9.0-54.el8 | redhat-8 | x86_64 | |
| Affected | pkg:rpm/redhat/resource-agents-aliyun?arch=x86_64&distro=redhat-8 | redhat |
resource-agents-aliyun
|
< 4.9.0-54.el8 | redhat-8 | x86_64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |