ELSA-2024-4422

Опубликовано: 09 июл. 2024

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2024-4422: fence-agents security update (MODERATE)

[4.10.0-62.4]

bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-43956

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

fence-agents-all

4.10.0-62.el9_4.4

fence-agents-amt-ws

4.10.0-62.el9_4.4

fence-agents-apc

4.10.0-62.el9_4.4

fence-agents-apc-snmp

4.10.0-62.el9_4.4

fence-agents-bladecenter

4.10.0-62.el9_4.4

fence-agents-brocade

4.10.0-62.el9_4.4

fence-agents-cisco-mds

4.10.0-62.el9_4.4

fence-agents-cisco-ucs

4.10.0-62.el9_4.4

fence-agents-common

4.10.0-62.el9_4.4

fence-agents-drac5

4.10.0-62.el9_4.4

fence-agents-eaton-snmp

4.10.0-62.el9_4.4

fence-agents-emerson

4.10.0-62.el9_4.4

fence-agents-eps

4.10.0-62.el9_4.4

fence-agents-heuristics-ping

4.10.0-62.el9_4.4

fence-agents-hpblade

4.10.0-62.el9_4.4

fence-agents-ibm-powervs

4.10.0-62.el9_4.4

fence-agents-ibm-vpc

4.10.0-62.el9_4.4

fence-agents-ibmblade

4.10.0-62.el9_4.4

fence-agents-ifmib

4.10.0-62.el9_4.4

fence-agents-ilo-moonshot

4.10.0-62.el9_4.4

fence-agents-ilo-mp

4.10.0-62.el9_4.4

fence-agents-ilo-ssh

4.10.0-62.el9_4.4

fence-agents-ilo2

4.10.0-62.el9_4.4

fence-agents-intelmodular

4.10.0-62.el9_4.4

fence-agents-ipdu

4.10.0-62.el9_4.4

fence-agents-ipmilan

4.10.0-62.el9_4.4

fence-agents-kdump

4.10.0-62.el9_4.4

fence-agents-kubevirt

4.10.0-62.el9_4.4

fence-agents-lpar

4.10.0-62.el9_4.4

fence-agents-mpath

4.10.0-62.el9_4.4

fence-agents-redfish

4.10.0-62.el9_4.4

fence-agents-rhevm

4.10.0-62.el9_4.4

fence-agents-rsa

4.10.0-62.el9_4.4

fence-agents-rsb

4.10.0-62.el9_4.4

fence-agents-sbd

4.10.0-62.el9_4.4

fence-agents-scsi

4.10.0-62.el9_4.4

fence-agents-virsh

4.10.0-62.el9_4.4

fence-agents-vmware-rest

4.10.0-62.el9_4.4

fence-agents-vmware-soap

4.10.0-62.el9_4.4

fence-agents-wti

4.10.0-62.el9_4.4

Oracle Linux x86_64

fence-agents-all

4.10.0-62.el9_4.4

fence-agents-amt-ws

4.10.0-62.el9_4.4

fence-agents-apc

4.10.0-62.el9_4.4

fence-agents-apc-snmp

4.10.0-62.el9_4.4

fence-agents-bladecenter

4.10.0-62.el9_4.4

fence-agents-brocade

4.10.0-62.el9_4.4

fence-agents-cisco-mds

4.10.0-62.el9_4.4

fence-agents-cisco-ucs

4.10.0-62.el9_4.4

fence-agents-common

4.10.0-62.el9_4.4

fence-agents-compute

4.10.0-62.el9_4.4

fence-agents-drac5

4.10.0-62.el9_4.4

fence-agents-eaton-snmp

4.10.0-62.el9_4.4

fence-agents-emerson

4.10.0-62.el9_4.4

fence-agents-eps

4.10.0-62.el9_4.4

fence-agents-heuristics-ping

4.10.0-62.el9_4.4

fence-agents-hpblade

4.10.0-62.el9_4.4

fence-agents-ibm-powervs

4.10.0-62.el9_4.4

fence-agents-ibm-vpc

4.10.0-62.el9_4.4

fence-agents-ibmblade

4.10.0-62.el9_4.4

fence-agents-ifmib

4.10.0-62.el9_4.4

fence-agents-ilo-moonshot

4.10.0-62.el9_4.4

fence-agents-ilo-mp

4.10.0-62.el9_4.4

fence-agents-ilo-ssh

4.10.0-62.el9_4.4

fence-agents-ilo2

4.10.0-62.el9_4.4

fence-agents-intelmodular

4.10.0-62.el9_4.4

fence-agents-ipdu

4.10.0-62.el9_4.4

fence-agents-ipmilan

4.10.0-62.el9_4.4

fence-agents-kdump

4.10.0-62.el9_4.4

fence-agents-kubevirt

4.10.0-62.el9_4.4

fence-agents-lpar

4.10.0-62.el9_4.4

fence-agents-mpath

4.10.0-62.el9_4.4

fence-agents-redfish

4.10.0-62.el9_4.4

fence-agents-rhevm

4.10.0-62.el9_4.4

fence-agents-rsa

4.10.0-62.el9_4.4

fence-agents-rsb

4.10.0-62.el9_4.4

fence-agents-sbd

4.10.0-62.el9_4.4

fence-agents-scsi

4.10.0-62.el9_4.4

fence-agents-virsh

4.10.0-62.el9_4.4

fence-agents-vmware-rest

4.10.0-62.el9_4.4

fence-agents-vmware-soap

4.10.0-62.el9_4.4

fence-agents-wti

4.10.0-62.el9_4.4

fence-virt

4.10.0-62.el9_4.4

fence-virtd

4.10.0-62.el9_4.4

fence-virtd-cpg

4.10.0-62.el9_4.4

fence-virtd-libvirt

4.10.0-62.el9_4.4

fence-virtd-multicast

4.10.0-62.el9_4.4

fence-virtd-serial

4.10.0-62.el9_4.4

fence-virtd-tcp

4.10.0-62.el9_4.4

Связанные CVE

CVE-2024-37891

Ссылки на источники

Связанные уязвимости

CVE-2024-37891

CVSS3: 4.4

ubuntu

около 1 года назад

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable au...