Описание
Security update for fence-agents
This update for fence-agents version 4.4.0 fixes the following issues:
Security issue fixed:
- CVE-2019-10153: Fixed a denial of service via guest VM comments (bsc#1137314).
Non-security issue fixed:
- Included timestamps when logging (bsc#1049852).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
fence-agents-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
fence-agents-amt_ws-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1719-1
- SUSE Security Ratings
- SUSE Bug 1049852
- SUSE Bug 1137314
- SUSE CVE CVE-2019-10153 page
Описание
A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.
Затронутые продукты
openSUSE Leap 15.0:fence-agents-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
openSUSE Leap 15.0:fence-agents-amt_ws-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
openSUSE Leap 15.0:fence-agents-devel-4.4.0+git.1558595666.5f79f9e9-lp150.2.10.1
Ссылки
- CVE-2019-10153
- SUSE Bug 1137314