RLSA-2024:6726

Published: 30 Sep 2024
Source: rocky
Severity: Important

Description

Important: fence-agents security update

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

  • pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 9

Name                      Architecture  Release     RPM
fence-agents-common       noarch        62.el9_4.5  fence-agents-common-4.10.0-62.el9_4.5.noarch.rpm
fence-agents-compute      x86_64        62.el9_4.5  fence-agents-compute-4.10.0-62.el9_4.5.x86_64.rpm
fence-agents-ibm-powervs  noarch        62.el9_4.5  fence-agents-ibm-powervs-4.10.0-62.el9_4.5.noarch.rpm
fence-agents-ibm-vpc      noarch        62.el9_4.5  fence-agents-ibm-vpc-4.10.0-62.el9_4.5.noarch.rpm
fence-agents-kubevirt     x86_64        62.el9_4.5  fence-agents-kubevirt-4.10.0-62.el9_4.5.x86_64.rpm
fence-agents-virsh        noarch        62.el9_4.5  fence-agents-virsh-4.10.0-62.el9_4.5.noarch.rpm
fence-virt                x86_64        62.el9_4.5  fence-virt-4.10.0-62.el9_4.5.x86_64.rpm
fence-virtd               x86_64        62.el9_4.5  fence-virtd-4.10.0-62.el9_4.5.x86_64.rpm
fence-virtd-cpg           x86_64        62.el9_4.5  fence-virtd-cpg-4.10.0-62.el9_4.5.x86_64.rpm
fence-virtd-libvirt       x86_64        62.el9_4.5  fence-virtd-libvirt-4.10.0-62.el9_4.5.x86_64.rpm

Related vulnerabilities

CVSS3: 8.8
ubuntu
11 months ago

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

CVSS3: 8.8
redhat
11 months ago

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

CVSS3: 8.8
nvd
11 months ago

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

CVSS3: 8.8
msrc
8 months ago

No description available

CVSS3: 8.8
debian
11 months ago

A vulnerability in the package_index module of pypa/setuptools version ...