Описание
ELSA-2020-5004: resource-agents security and bug fix update (LOW)
[4.1.1-61.4]
-
Upgrade bundled python-httplib2 to fix CVE-2020-11078
Resolves: rhbz#1850992
[4.1.1-61.2]
-
azure-lb: fix redirect issue
Resolves: rhbz#1850779
[4.1.1-61.1]
-
gcp-vpc-move-vip: add support for multiple alias IPs
-
sybaseASE: run verify action during start action only
-
azure-events: handle exceptions in urlopen
Resolves: rhbz#1846732 Resolves: rhbz#1848673 Resolves: rhbz#1862121
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
resource-agents
4.1.1-61.el7_9.4
Oracle Linux x86_64
resource-agents
4.1.1-61.el7_9.4
resource-agents-aliyun
4.1.1-61.el7_9.4
resource-agents-gcp
4.1.1-61.el7_9.4
Связанные CVE
Связанные уязвимости
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
In httplib2 before version 0.18.0, an attacker controlling unescaped part of uri for `httplib2.Http.request()` could change request headers and body, send additional hidden requests to same server. This vulnerability impacts software that uses httplib2 with uri constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0.
In httplib2 before version 0.18.0, an attacker controlling unescaped p ...
