resource-agents-4.1.1-98.el8

エラータID: AXSA:2021-2804:10

Release date: 
Monday, December 20, 2021 - 10:35
Subject: 
resource-agents-4.1.1-98.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)
* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
CVE-2021-27291
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.

Solution: 

Update packages.

CVEs: 
CVE-2021-20270
An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file, as demonstrated by input that only contains the "exception" keyword.
CVE-2021-27291
In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Additional Info: 

N/A

Download: 

SRPMS
  1. resource-agents-4.1.1-98.el8.src.rpm
    MD5: 1756b7574a3ec41b2d6d723e5e5fc5f1
    SHA-256: 8cb2f960dae3851740cb51f1adbbfc9cfb1795818574c1be26988076f8486903
    Size: 37.27 MB

Asianux Server 8 for x86_64
  1. resource-agents-4.1.1-98.el8.x86_64.rpm
    MD5: f11e86ac69b996f1a98529fbaf1b3a99
    SHA-256: f07c67be71d36941276c496d54b9b74ce5deeffdd015fef3f82396b5c315c838
    Size: 500.09 kB
  2. resource-agents-aliyun-4.1.1-98.el8.x86_64.rpm
    MD5: 0d11e756ff673eafa72735006e658729
    SHA-256: 42689280b65c593ff51757abca9915c6c7e80caab6842e749093c3741e074ad4
    Size: 6.80 MB
  3. resource-agents-gcp-4.1.1-98.el8.x86_64.rpm
    MD5: 2c5673521d6fdcba5ff990be67475258
    SHA-256: 66af388dd619709e06007a1ecae3251fac2e0ac17db519997acdc616f6312815
    Size: 9.39 MB