Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-14999

Опубликовано: 03 сент. 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-14999: resource-agents security update (MODERATE)

[4.9.0-54.16]

  • bundled requests: fix CVE-2024-47081

    Resolves: RHEL-104761

[4.9.0-54.15]

  • ocf-shellfuncs/AWS agents: dont sleep after the final try in curl_retry()

    Resolves: RHEL-102731

[4.9.0-54.13]

  • Filesystem: add support for aznfs

    Resolves: RHEL-91257

[4.9.0-54.12]

  • tomcat: fix CATALINA_PID not set, and catalina_base and catalina_out parameter defaults

    Resolves: RHEL-85048

[4.9.0-54.11]

  • AWS agents: reuse IMDS token until it expires

    Resolves: RHEL-81960

[4.9.0-54.10]

  • portblock: fix iptables version detection

    Resolves: RHEL-79823

[4.9.0-54.8]

  • openstack-cinder-volume: wait for volume to be available

    Resolves: RHEL-72956

[4.9.0-54.6]

  • Filesystem: dont kill unrelated processes during stop-action

    Resolves: RHEL-69297

[4.9.0-54.5]

  • nfsserver: also stop rpc-statd for nfsv4_only to avoid stop failing in some cases

    Resolves: RHEL-61138

[4.9.0-54.4]

  • bundled setuptools: fix CVE-2024-6345

    Resolves: RHEL-50360

[4.9.0-54.3]

  • gcp-pd-move: fix TLS_VERSION_1 issue

    Resolves: RHEL-50041

[4.9.0-54.2]

  • bundled urllib3: fix CVE-2024-37891

    Resolves: RHEL-44923

[4.9.0-54.1]

  • AWS agents: retry failed metadata requests to avoid instantly failing when there is a hiccup in the network or metadata service

  • db2: fix OCF_SUCESS typo

    Resolves: RHEL-34137, RHEL-32828

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

resource-agents

4.9.0-54.el8_10.16

Oracle Linux x86_64

resource-agents

4.9.0-54.el8_10.16

Связанные CVE

CVE-2024-47081

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2024-47081

CVSS3: 5.3
ubuntu
5 месяцев назад

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

redhat логотип

CVE-2024-47081

CVSS3: 5.3
redhat
5 месяцев назад

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

nvd логотип

CVE-2024-47081

CVSS3: 5.3
nvd
5 месяцев назад

Requests is a HTTP library. Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Users should upgrade to version 2.32.4 to receive a fix. For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on one's Requests Session.

msrc логотип

CVE-2024-47081

CVSS3: 5.3
msrc
4 месяца назад

Requests vulnerable to .netrc credentials leak via malicious URLs

debian логотип

CVE-2024-47081

CVSS3: 5.3
debian
5 месяцев назад

Requests is a HTTP library. Due to a URL parsing issue, Requests relea ...