Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-6309

Опубликовано: 04 сент. 2024
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2024-6309: fence-agents security update (MODERATE)

[4.2.1-129.4]

  • bundled setuptools: fix CVE-2024-6345 Resolves: RHEL-50223

[4.2.1-129.3]

  • bundled urllib3: fix CVE-2024-37891 Resolves: RHEL-43568

[4.2.1-129.2]

  • fence_eps: add fence_epsr2 for ePowerSwitch R2 and newer Resolves: RHEL-7734
  • bundled jinja2: fix CVE-2024-34064 Resolves: RHEL-35655

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

fence-agents-all

4.2.1-129.el8_10.4

fence-agents-amt-ws

4.2.1-129.el8_10.4

fence-agents-apc

4.2.1-129.el8_10.4

fence-agents-apc-snmp

4.2.1-129.el8_10.4

fence-agents-bladecenter

4.2.1-129.el8_10.4

fence-agents-brocade

4.2.1-129.el8_10.4

fence-agents-cisco-mds

4.2.1-129.el8_10.4

fence-agents-cisco-ucs

4.2.1-129.el8_10.4

fence-agents-common

4.2.1-129.el8_10.4

fence-agents-compute

4.2.1-129.el8_10.4

fence-agents-drac5

4.2.1-129.el8_10.4

fence-agents-eaton-snmp

4.2.1-129.el8_10.4

fence-agents-emerson

4.2.1-129.el8_10.4

fence-agents-eps

4.2.1-129.el8_10.4

fence-agents-heuristics-ping

4.2.1-129.el8_10.4

fence-agents-hpblade

4.2.1-129.el8_10.4

fence-agents-ibm-powervs

4.2.1-129.el8_10.4

fence-agents-ibm-vpc

4.2.1-129.el8_10.4

fence-agents-ibmblade

4.2.1-129.el8_10.4

fence-agents-ifmib

4.2.1-129.el8_10.4

fence-agents-ilo-moonshot

4.2.1-129.el8_10.4

fence-agents-ilo-mp

4.2.1-129.el8_10.4

fence-agents-ilo-ssh

4.2.1-129.el8_10.4

fence-agents-ilo2

4.2.1-129.el8_10.4

fence-agents-intelmodular

4.2.1-129.el8_10.4

fence-agents-ipdu

4.2.1-129.el8_10.4

fence-agents-ipmilan

4.2.1-129.el8_10.4

fence-agents-kdump

4.2.1-129.el8_10.4

fence-agents-kubevirt

4.2.1-129.el8_10.4

fence-agents-mpath

4.2.1-129.el8_10.4

fence-agents-redfish

4.2.1-129.el8_10.4

fence-agents-rhevm

4.2.1-129.el8_10.4

fence-agents-rsa

4.2.1-129.el8_10.4

fence-agents-rsb

4.2.1-129.el8_10.4

fence-agents-sbd

4.2.1-129.el8_10.4

fence-agents-scsi

4.2.1-129.el8_10.4

fence-agents-virsh

4.2.1-129.el8_10.4

fence-agents-vmware-rest

4.2.1-129.el8_10.4

fence-agents-vmware-soap

4.2.1-129.el8_10.4

fence-agents-wti

4.2.1-129.el8_10.4

Oracle Linux x86_64

fence-agents-all

4.2.1-129.el8_10.4

fence-agents-amt-ws

4.2.1-129.el8_10.4

fence-agents-apc

4.2.1-129.el8_10.4

fence-agents-apc-snmp

4.2.1-129.el8_10.4

fence-agents-bladecenter

4.2.1-129.el8_10.4

fence-agents-brocade

4.2.1-129.el8_10.4

fence-agents-cisco-mds

4.2.1-129.el8_10.4

fence-agents-cisco-ucs

4.2.1-129.el8_10.4

fence-agents-common

4.2.1-129.el8_10.4

fence-agents-compute

4.2.1-129.el8_10.4

fence-agents-drac5

4.2.1-129.el8_10.4

fence-agents-eaton-snmp

4.2.1-129.el8_10.4

fence-agents-emerson

4.2.1-129.el8_10.4

fence-agents-eps

4.2.1-129.el8_10.4

fence-agents-heuristics-ping

4.2.1-129.el8_10.4

fence-agents-hpblade

4.2.1-129.el8_10.4

fence-agents-ibm-powervs

4.2.1-129.el8_10.4

fence-agents-ibm-vpc

4.2.1-129.el8_10.4

fence-agents-ibmblade

4.2.1-129.el8_10.4

fence-agents-ifmib

4.2.1-129.el8_10.4

fence-agents-ilo-moonshot

4.2.1-129.el8_10.4

fence-agents-ilo-mp

4.2.1-129.el8_10.4

fence-agents-ilo-ssh

4.2.1-129.el8_10.4

fence-agents-ilo2

4.2.1-129.el8_10.4

fence-agents-intelmodular

4.2.1-129.el8_10.4

fence-agents-ipdu

4.2.1-129.el8_10.4

fence-agents-ipmilan

4.2.1-129.el8_10.4

fence-agents-kdump

4.2.1-129.el8_10.4

fence-agents-kubevirt

4.2.1-129.el8_10.4

fence-agents-lpar

4.2.1-129.el8_10.4

fence-agents-mpath

4.2.1-129.el8_10.4

fence-agents-redfish

4.2.1-129.el8_10.4

fence-agents-rhevm

4.2.1-129.el8_10.4

fence-agents-rsa

4.2.1-129.el8_10.4

fence-agents-rsb

4.2.1-129.el8_10.4

fence-agents-sbd

4.2.1-129.el8_10.4

fence-agents-scsi

4.2.1-129.el8_10.4

fence-agents-virsh

4.2.1-129.el8_10.4

fence-agents-vmware-rest

4.2.1-129.el8_10.4

fence-agents-vmware-soap

4.2.1-129.el8_10.4

fence-agents-wti

4.2.1-129.el8_10.4

Связанные CVE

CVE-2024-37891
CVE-2024-6345

Ссылки на источники

Связанные уязвимости

rocky логотип

RLSA-2024:6309

rocky
около 1 месяца назад

Moderate: fence-agents security update

oracle-oval логотип

ELSA-2024-6311

oracle-oval
10 месяцев назад

ELSA-2024-6311: resource-agents security update (MODERATE)

ubuntu логотип

CVE-2024-37891

CVSS3: 4.4
ubuntu
около 1 года назад

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable au...

redhat логотип

CVE-2024-37891

CVSS3: 4.4
redhat
около 1 года назад

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable au...

nvd логотип

CVE-2024-37891

CVSS3: 4.4
nvd
около 1 года назад

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable auto