fence-agents-4.10.0-62.el9

エラータID: AXSA:2024-7883:05

Release date: 
Thursday, May 30, 2024 - 11:14
Subject: 
fence-agents-4.10.0-62.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

* urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
* pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)
* jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.4 Release Notes linked from the References section.

CVE-2023-45803
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.

Solution: 

Update packages.

CVEs: 
CVE-2023-45803
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
Additional Info: 

N/A

Download: 

SRPMS
  1. fence-agents-4.10.0-62.el9.src.rpm
    MD5: 261f0d963d85a9d7d051853145a2753f
    SHA-256: fa51f756eb55112b5e6abcde17fcb9a583b1d7e1494d37f264234da47432cd25
    Size: 68.41 MB

Asianux Server 9 for x86_64
  1. fence-agents-aliyun-4.10.0-62.el9.x86_64.rpm
    MD5: fe4947af337a40b94c38b47e25c6f911
    SHA-256: c2342e8955bf7a67cf8e73045ed95659304f329836ce8cc554a854138dbb3697
    Size: 15.38 kB
  2. fence-agents-all-4.10.0-62.el9.x86_64.rpm
    MD5: bbd4c766d261cc87060825a29fa1b0c5
    SHA-256: 9966c5f37062166835ce583796e464879af1920587e597883c1473e88ff885ed
    Size: 12.24 kB
  3. fence-agents-amt-ws-4.10.0-62.el9.noarch.rpm
    MD5: d0fd1b17e70b4b998c18e753431e4e5b
    SHA-256: 569684350de2d79ef4b0a82ce05376e5fe625803d8dc64184817ad280b3f27d8
    Size: 16.25 kB
  4. fence-agents-apc-4.10.0-62.el9.noarch.rpm
    MD5: 6b44be352f6b4365d48a6bec00c7b0b4
    SHA-256: 441d67a1ab5bd9728b6cc4dc3ad55808dd0f2552ea898f420af477e016847d14
    Size: 16.38 kB
  5. fence-agents-apc-snmp-4.10.0-62.el9.noarch.rpm
    MD5: 0935a42f65c810a143fa5e339efcdb21
    SHA-256: 3e32120257914dc222ec63aae85adb86bb6a4784ede29a248a9307287eba92c5
    Size: 18.73 kB
  6. fence-agents-aws-4.10.0-62.el9.x86_64.rpm
    MD5: aacdcadf9fca31c58708c7dcbefd1eeb
    SHA-256: e7a7218a05495f9a380febe302ca9e709a1954a62c33451237ac02163e104a44
    Size: 16.41 kB
  7. fence-agents-azure-arm-4.10.0-62.el9.x86_64.rpm
    MD5: f680d258d59757397b173d333e779d2e
    SHA-256: 750ad1ea47b6c5159d9554e9d4df8a8c820074a105d0920a2c27d086c12f221c
    Size: 25.78 kB
  8. fence-agents-bladecenter-4.10.0-62.el9.noarch.rpm
    MD5: 03c941992e79862d54c555c41169cb45
    SHA-256: 301d7b2fcb8833b015f88714e8508720ca6b5eecb4b7b4327d2965b799ba944a
    Size: 15.41 kB
  9. fence-agents-brocade-4.10.0-62.el9.noarch.rpm
    MD5: c32553224000ec0590e165d221489043
    SHA-256: e8fb656a864784ff88bcd32b733ca2c28e4f67297c17e996983ee3d88517918b
    Size: 15.51 kB
  10. fence-agents-cisco-mds-4.10.0-62.el9.noarch.rpm
    MD5: 6b1ebc1f46b3b445a682d2b87f332240
    SHA-256: 8b62bc444fe7ba158449f76d3a546f553a656801cf50c7b79afad54bbf28d36f
    Size: 15.35 kB
  11. fence-agents-cisco-ucs-4.10.0-62.el9.noarch.rpm
    MD5: 0bc11dadcd7e8e8ee2e72506fa093c1a
    SHA-256: e5e05ccb2c2265d8f1efc20fe5a5b76bd10f0cac463fccb25763e73c5d8add09
    Size: 16.04 kB
  12. fence-agents-common-4.10.0-62.el9.noarch.rpm
    MD5: 1f714a2c124d1038ac05de431ef0f3f0
    SHA-256: e610d33d43984a4990767eaf9d93ca9b031b4d019f83301e559069e1214df724
    Size: 369.85 kB
  13. fence-agents-compute-4.10.0-62.el9.x86_64.rpm
    MD5: f12d1f401468e2aea874105fb5b409e4
    SHA-256: a0dfc176ad0461fa1606a96e7bbfdbf15450824ffcf669f02f8c020593c344b3
    Size: 22.48 kB
  14. fence-agents-drac5-4.10.0-62.el9.noarch.rpm
    MD5: 5cc9a033cce66336d57f0389169fccbf
    SHA-256: 2716dddfb1844732af84b7c78ef77c0ba8e8d22d77b63e49c619ee391933e678
    Size: 16.02 kB
  15. fence-agents-eaton-snmp-4.10.0-62.el9.noarch.rpm
    MD5: a987ee8922a90bf7c4f0427d8b408cbd
    SHA-256: 32a49259cc9bc900373c752ec777046c18f07cd4a7bc6c09cfcddf201b7e9249
    Size: 16.52 kB
  16. fence-agents-emerson-4.10.0-62.el9.noarch.rpm
    MD5: 771576715dd1ac8aa3d94d557c22ae3c
    SHA-256: fa58206c00cd82c4930ffdbe933bcd9fbfdb9215931ac8acbb45196f3675f58f
    Size: 15.00 kB
  17. fence-agents-eps-4.10.0-62.el9.noarch.rpm
    MD5: b0a971c42eea99a161289011c4377617
    SHA-256: 949111283280c83a9e5cd77c2e6776652aa40e03014a27048a26120c7a2cf666
    Size: 15.58 kB
  18. fence-agents-gce-4.10.0-62.el9.x86_64.rpm
    MD5: bb764fd871f0c24b928a35f228f2ad07
    SHA-256: ade1368851fd33f737a85de7812a64e85edbd49a68ddc9e42c0addf469cd3c6a
    Size: 20.37 kB
  19. fence-agents-heuristics-ping-4.10.0-62.el9.noarch.rpm
    MD5: 6e1c657e492225ff6120e09735f8e4de
    SHA-256: 0eca2ab9f4945cd7904941beeffeca91732c562e1ae84f909c13d828616e5769
    Size: 15.89 kB
  20. fence-agents-hpblade-4.10.0-62.el9.noarch.rpm
    MD5: 94e7315edf8ed3601d79ea39f7933fec
    SHA-256: 39910780d3f8890853f83f34bf1aef9a92d8467e5ba5c93051969deaf1881a93
    Size: 15.59 kB
  21. fence-agents-ibmblade-4.10.0-62.el9.noarch.rpm
    MD5: 6247c38836fbb90362e4ee82803925fc
    SHA-256: 92cd6534b0d62687504049ca91c1c535903ffad73c35fcd1caec0ad1a34d139a
    Size: 15.13 kB
  22. fence-agents-ibm-powervs-4.10.0-62.el9.noarch.rpm
    MD5: 5de5fa44b09abcf27b4b1654453a85b3
    SHA-256: 6716cd647b4a7e2d536d164c23ee99bfa07f1f22f8e5e32f8351a1495dfa0e59
    Size: 16.16 kB
  23. fence-agents-ibm-vpc-4.10.0-62.el9.noarch.rpm
    MD5: 2645cee735278468bdb45d8aa1d700f8
    SHA-256: f362cfea91e6fa7aabe4eb0e7850a84f73eb85e92b5834940f5924fd0f710b12
    Size: 16.63 kB
  24. fence-agents-ifmib-4.10.0-62.el9.noarch.rpm
    MD5: fd849a642cbe81033f8845b7e95d471a
    SHA-256: 06a6c585ca2724318afc546546d8ca494dbaf651d7cb6049d97851383fe9b07d
    Size: 15.68 kB
  25. fence-agents-ilo2-4.10.0-62.el9.noarch.rpm
    MD5: ed0efbd7bda470df8149fd5d40418783
    SHA-256: 7579d2c3d316b4e484871fb4b3b27abc3e8636235a2fc20dbcd333682223eb0e
    Size: 17.65 kB
  26. fence-agents-ilo-moonshot-4.10.0-62.el9.noarch.rpm
    MD5: 3ad0179e4bf38303ef25de81e1a9eda4
    SHA-256: 5e5741cb8b8bf82c159bb93e68e341810b4a14f267d04d5c87efcbb28e621823
    Size: 14.91 kB
  27. fence-agents-ilo-mp-4.10.0-62.el9.noarch.rpm
    MD5: d4b932712187787dafa12e1b6e8a7683
    SHA-256: b8bf23d8d097fb43c4aabd0e5e477707b73a6269473cfd10610f0a6e51d3cd26
    Size: 14.66 kB
  28. fence-agents-ilo-ssh-4.10.0-62.el9.noarch.rpm
    MD5: b712e1d68d9e4f721d99cb05c8470f47
    SHA-256: 09845003bbcda98b1a2ca3254682a597b0708ba67661e49785ff2435844b6941
    Size: 21.25 kB
  29. fence-agents-intelmodular-4.10.0-62.el9.noarch.rpm
    MD5: a77e56a703bfcbe16bba7d1a150ad6d8
    SHA-256: b5431f417d5e23e255f2e712eac380f86e191049394c74018716bd0d69ba9c7a
    Size: 15.49 kB
  30. fence-agents-ipdu-4.10.0-62.el9.noarch.rpm
    MD5: 052eaa0576833dfb3e78aec360794926
    SHA-256: 74b9e350ba9b611f7373390c4997a707c8f04a38c0db1d55092272988c5fbb31
    Size: 15.71 kB
  31. fence-agents-ipmilan-4.10.0-62.el9.noarch.rpm
    MD5: e3a40558fb699bddae5a1e02188c98d0
    SHA-256: 7d1b7ab57ae51c69c335838677c948b52187a611eb0d625bc60cc9af13072e0c
    Size: 29.34 kB
  32. fence-agents-kdump-4.10.0-62.el9.x86_64.rpm
    MD5: e53eb329fe6fff2a92690c3736a0e404
    SHA-256: 740ba0ab49a5f059ad29d37edc96a6c23010226e988f81f2e419589aa3b2222b
    Size: 28.06 kB
  33. fence-agents-kubevirt-4.10.0-62.el9.x86_64.rpm
    MD5: 58ad9c7da04fc50ffe6fe18afb74b688
    SHA-256: 71615196a52cb49fe3eb8e9254a44d777d5dcf825e853714b8c75a979ae077f9
    Size: 3.90 MB
  34. fence-agents-mpath-4.10.0-62.el9.noarch.rpm
    MD5: b9f13183e6a447950ba6ca7847a4a130
    SHA-256: c1ff6e86d233f542ecc7ee3078148403ab1db432218915481128732afed1ef7c
    Size: 18.07 kB
  35. fence-agents-openstack-4.10.0-62.el9.x86_64.rpm
    MD5: fd2395b8fd665e08781eb72526595716
    SHA-256: 7b0585816697c24cb16784b96214474d737a91cdf83dc81a67022cb40ae366d9
    Size: 17.12 kB
  36. fence-agents-redfish-4.10.0-62.el9.x86_64.rpm
    MD5: 2b78980352efdf7a4b1eccf28b41d80f
    SHA-256: e15cba6d84d7343cd69dc54fe0fe535a9983daf04ca0e7cdd4aabe03f52096a4
    Size: 16.03 kB
  37. fence-agents-rhevm-4.10.0-62.el9.noarch.rpm
    MD5: 0e7f785a5982e201572b81a380fd22eb
    SHA-256: e0ae7ff72fd2d55c0bc346016d8b00e6aacd82bbc85009f9ef0dab54f533e507
    Size: 16.32 kB
  38. fence-agents-rsa-4.10.0-62.el9.noarch.rpm
    MD5: 42287fc9fb612be43f6dcc24deb4fabb
    SHA-256: 95ccb06e8a94a86957fd0974f721776b2a331644d3966a897da8f8156f3af61a
    Size: 15.05 kB
  39. fence-agents-rsb-4.10.0-62.el9.noarch.rpm
    MD5: 0f5240df0b8fede38268a59e0305f276
    SHA-256: c1137640db9bb558827cc2c926767f02ee5640bf54c46d041cd4ab8dce86b5c3
    Size: 15.09 kB
  40. fence-agents-sbd-4.10.0-62.el9.noarch.rpm
    MD5: 85115b709a300e80bffb7c39fa04d298
    SHA-256: 3c46549247e6b7eba0a2f0199bd3aaf73eedc54507138b374b478f8f2f43f1b9
    Size: 16.71 kB
  41. fence-agents-scsi-4.10.0-62.el9.noarch.rpm
    MD5: 9ca372f21e0c15cf623e003aa784382c
    SHA-256: 42f5811b0775bc93a7067eedf75bd490f81c994a7b07bd8826ea863dda837e7e
    Size: 20.45 kB
  42. fence-agents-virsh-4.10.0-62.el9.noarch.rpm
    MD5: b0b7e4b84d534473cdf8f013c963346c
    SHA-256: 617bb102bbcc8edfc42c1ad05c092dd99fb14edf34bc0f05d0901fc9815a9351
    Size: 15.62 kB
  43. fence-agents-vmware-rest-4.10.0-62.el9.noarch.rpm
    MD5: 8725b94f1cc07034b295e147029476ce
    SHA-256: ba903e502691ce9e56dd77d86f7dd3b8c1eb54b7f9f4f9d5897e8932d357445e
    Size: 16.29 kB
  44. fence-agents-vmware-soap-4.10.0-62.el9.noarch.rpm
    MD5: c72d94887ffe45228042eba7557ba548
    SHA-256: bb32891d4d5909644c8cd31d0841c0d0964063bddba61758208229708e10527b
    Size: 17.22 kB
  45. fence-agents-wti-4.10.0-62.el9.noarch.rpm
    MD5: 2240ae4317892d5f72e958704b0edf17
    SHA-256: 7dd00c94f9a6757c4aa92acc0bc7910c883585a8af6d53340a2b9d78f6e2af06
    Size: 16.63 kB
  46. fence-virt-4.10.0-62.el9.x86_64.rpm
    MD5: 048ecaa220a2ae529d241506ddfda02b
    SHA-256: e4c0383f1d4b92c5ac1c8f7c4785531fa9608ba9b0b9cb38727340d5f0cc7fa1
    Size: 39.97 kB
  47. fence-virtd-4.10.0-62.el9.x86_64.rpm
    MD5: 276e16a8ef72588df556dff96c44ef28
    SHA-256: 4f060062baa23f55f9cdb2e30517b6bd8fec15871228eea3447f440d33af04cb
    Size: 53.27 kB
  48. fence-virtd-cpg-4.10.0-62.el9.x86_64.rpm
    MD5: 43e04d9325ed902be631fe9b0a3f0441
    SHA-256: 26be34168727399508bdeb9e37e819d9a921b76e0f7c4a94ee4891dda021241e
    Size: 36.21 kB
  49. fence-virtd-libvirt-4.10.0-62.el9.x86_64.rpm
    MD5: 3b3b2b24162d3ab367d2d53d95e07b5e
    SHA-256: 07afec810e5c54f1b0d2f337da3ae1ef31614e7118000f1e49c57b0883d33fa3
    Size: 32.72 kB
  50. fence-virtd-multicast-4.10.0-62.el9.x86_64.rpm
    MD5: 0a0f8a10e8cc78a8d83b4f4ac5886f22
    SHA-256: a8cc2280e61a453592896bf1261ae7822c5ce64d033e4a0da1c3ca908b4e6d8a
    Size: 29.63 kB
  51. fence-virtd-serial-4.10.0-62.el9.x86_64.rpm
    MD5: 33123175c862df3fce1c104e618d032d
    SHA-256: 75a7b85aed186394ecb421a434c202b73af6e976b3c17c66f0915d92d22133d7
    Size: 33.17 kB
  52. fence-virtd-tcp-4.10.0-62.el9.x86_64.rpm
    MD5: 8e22aa4cb649bdb7820dbbd0a9679084
    SHA-256: 939e17e02eaa7eda52f5a291181ff978f7f70eb77a7b8e8df4939de254c15c91
    Size: 29.12 kB
  53. ha-cloud-support-4.10.0-62.el9.x86_64.rpm
    MD5: 7165e350b39de0f7b78ae6486644d18f
    SHA-256: 9b6a7750497e375c7dbe360aefe840495cd30c393ab91a5ea44a53fbbc44c64a
    Size: 35.05 MB