Описание
ELSA-2023-2161: fence-agents security and bug fix update (MODERATE)
[4.10.0-43]
- fence_vmware_soap: set login_timeout lower than default pcmk_monitor_timeout (20s) to remove tmp dirs Resolves: rhbz#2122944
[4.10.0-42]
- fencing/fence_wti: add --plug-separator to be able to avoid characters that are in node name(s) Resolves: rhbz#2152107
[4.10.0-41]
- fence_scsi: skip key generation during validate-all action Resolves: rhbz#2160480
[4.10.0-40]
-
fence_virtd: add info about multiple uuid/ip entries to manpage
Resolves: rhbz#2149655
[4.10.0-39]
-
fence_virtd: warn if config or key file(s) are not mode 600
Resolves: rhbz#2144531
[4.10.0-37]
- Upgrade bundled python-oauthlib Resolves: rhbz#2128564
[4.10.0-36]
- fence_virtd: add link to uri examples and uri w/socket path example for when VMS are run as non-root user to manpage Resolves: rhbz#2138823
[4.10.0-35]
- fence_ibm_powervs: improve defaults Resolves: rhbz#2136191
[4.10.0-34]
- fence_lpar: only output additional output info on DEBUG level Resolves: rhbz#2134015
[4.10.0-33]
- fence_virt: add note that reboot-action doesnt power on nodes that are powered off Resolves: rhbz#2132008
[4.10.0-32]
- add azure-identity and dependencies Resolves: rhbz#2121546
[4.10.0-31]
- fence_ibm_vpc: add token cache support Resolves: rhbz#2111998
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
fence-agents-common
4.10.0-43.el9
fence-agents-ibm-powervs
4.10.0-43.el9
fence-agents-ibm-vpc
4.10.0-43.el9
fence-agents-kubevirt
4.10.0-43.el9
fence-agents-virsh
4.10.0-43.el9
Oracle Linux x86_64
fence-agents-common
4.10.0-43.el9
fence-agents-compute
4.10.0-43.el9
fence-agents-ibm-powervs
4.10.0-43.el9
fence-agents-ibm-vpc
4.10.0-43.el9
fence-agents-kubevirt
4.10.0-43.el9
fence-agents-virsh
4.10.0-43.el9
fence-virt
4.10.0-43.el9
fence-virtd
4.10.0-43.el9
fence-virtd-cpg
4.10.0-43.el9
fence-virtd-libvirt
4.10.0-43.el9
fence-virtd-multicast
4.10.0-43.el9
fence-virtd-serial
4.10.0-43.el9
fence-virtd-tcp
4.10.0-43.el9
Связанные CVE
Связанные уязвимости
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.
OAuthLib is an implementation of the OAuth request-signing logic for P ...
