Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-2132

Опубликовано: 02 мая 2024
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2024-2132: fence-agents security and bug fix update (MODERATE)

[4.10.0-62]

  • bundled urllib3: fix CVE-2023-45803 Resolves: RHEL-18139
  • bundled pycryptodome: fix CVE-2023-52323 Resolves: RHEL-20917
  • bundled jinja2: fix CVE-2024-22195 Resolves: RHEL-21345

[4.10.0-61]

  • fence_zvmip: document required user permissions in metadata/manpage Resolves: RHEL-14344

[4.10.0-60]

  • all agents: update metadata in non-I/O agents to Power or Network fencing Resolves: RHEL-14030

[4.10.0-57]

  • bundled urllib3: fix CVE-2023-43804 Resolves: RHEL-11999

[4.10.0-56]

  • fence_scsi: fix registration handling if ISID conflicts Resolves: RHEL-5396
  • bundled certifi: fix CVE-2023-37920 Resolves: RHEL-9446

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

fence-agents-common

4.10.0-62.el9

fence-agents-ibm-powervs

4.10.0-62.el9

fence-agents-ibm-vpc

4.10.0-62.el9

fence-agents-kubevirt

4.10.0-62.el9

fence-agents-virsh

4.10.0-62.el9

Oracle Linux x86_64

fence-agents-common

4.10.0-62.el9

fence-agents-compute

4.10.0-62.el9

fence-agents-ibm-powervs

4.10.0-62.el9

fence-agents-ibm-vpc

4.10.0-62.el9

fence-agents-kubevirt

4.10.0-62.el9

fence-agents-virsh

4.10.0-62.el9

fence-virt

4.10.0-62.el9

fence-virtd

4.10.0-62.el9

fence-virtd-cpg

4.10.0-62.el9

fence-virtd-libvirt

4.10.0-62.el9

fence-virtd-multicast

4.10.0-62.el9

fence-virtd-serial

4.10.0-62.el9

fence-virtd-tcp

4.10.0-62.el9

Связанные CVE

CVE-2024-22195
CVE-2023-45803
CVE-2023-52323

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2024:2968

rocky
около 1 года назад

Moderate: fence-agents security and bug fix update

oracle-oval логотип

ELSA-2024-2968

oracle-oval
около 1 года назад

ELSA-2024-2968: fence-agents security and bug fix update (MODERATE)

ubuntu логотип

CVE-2024-22195

CVSS3: 5.4
ubuntu
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

redhat логотип

CVE-2024-22195

CVSS3: 5.4
redhat
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

nvd логотип

CVE-2024-22195

CVSS3: 5.4
nvd
больше 1 года назад

Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.