fence-agents-4.10.0-62.el9
Errata ID: AXSA:2024-7883:05
Release date:
2024/05/30 Thursday - 11:14
Title:
fence-agents-4.10.0-62.el9
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- urllib does not remove the HTTP request body when the request
method is changed from one that can accept a body, such as POST,
to GET and an HTTP redirect response with status code 301, 302,
or 303 is returned. This vulnerability allows an attacker on an
adjacent network to cause information disclosure.
(CVE-2023-45803)
- The OAEP decryption in PyCryptodome and pycryptodomex has a
side-channel information leak. This vulnerability allows a
Manger attack and, through it, unauthorized decryption of
ciphertext. (CVE-2023-52323)
- The xmlattr filter in Jinja allows arbitrary HTML attribute
values to be inserted into an HTML template. This vulnerability
allows a remote attacker to carry out a cross-site scripting
attack via a crafted HTML template. (CVE-2024-22195)
Solution:
Update the packages.
CVE:
CVE-2023-45803
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.
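The manual-redirect workaround described above, as an added example (not code from urllib3 or from this advisory): the caller follows 301, 302 and 303 itself and drops the body, plus the headers describing it, whenever the redirect turns the request into a GET. `send` is a hypothetical transport callable and the host names are constructed; urllib3's request keyword for turning off automatic redirects is `redirect=False`.

```python
from urllib.parse import urljoin

REDIRECT_STATUSES = {301, 302, 303}
# Headers that describe a request body; they must go when the body goes.
BODY_HEADERS = {"content-length", "content-type", "content-encoding",
                "content-language", "content-location", "transfer-encoding"}


def next_request(method, url, headers, body, status, location):
    """Build the follow-up request for a 301/302/303 response."""
    target = urljoin(url, location)          # Location may be relative
    if status == 303 and method != "HEAD":
        new_method = "GET"
    elif status in (301, 302) and method == "POST":
        new_method = "GET"                   # what browsers and curl do
    else:
        new_method = method
    if new_method != method:
        # Method changed to GET: drop the body and the headers describing it.
        headers = {k: v for k, v in headers.items()
                   if k.lower() not in BODY_HEADERS}
        body = None
    return new_method, target, headers, body


def request_following_redirects(send, method, url, headers=None, body=None,
                                max_hops=5):
    """Follow 301/302/303 here instead of letting the HTTP library do it.

    send(method, url, headers, body) is a hypothetical transport callable that
    performs ONE request without following redirects and returns an object
    with .status and .headers, e.g. for a urllib3 PoolManager named pool:
        lambda m, u, h, b: pool.request(m, u, headers=h, body=b, redirect=False)
    """
    headers = dict(headers or {})
    for _ in range(max_hops + 1):
        resp = send(method, url, headers, body)
        location = resp.headers.get("Location")
        if resp.status not in REDIRECT_STATUSES or not location:
            return resp
        method, url, headers, body = next_request(
            method, url, headers, body, resp.status, location)
    raise RuntimeError("too many redirects")


if __name__ == "__main__":   # constructed sample: a POST answered with 303
    print(next_request("POST", "https://api.example.test/login",
                       {"Content-Type": "application/json", "Accept": "*/*"},
                       b'{"token": "constructed"}', 303, "/done"))
```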
CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
CVE-2024-22195
Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.
Additional information:
N/A
Downloads:
SRPMS
- fence-agents-4.10.0-62.el9.src.rpm
Size: 68.41 MB
Asianux Server 9 for x86_64
- fence-agents-aliyun-4.10.0-62.el9.x86_64.rpm
Size: 15.38 kB
- fence-agents-all-4.10.0-62.el9.x86_64.rpm
Size: 12.24 kB
- fence-agents-amt-ws-4.10.0-62.el9.noarch.rpm
Size: 16.25 kB
- fence-agents-apc-4.10.0-62.el9.noarch.rpm
Size: 16.38 kB
- fence-agents-apc-snmp-4.10.0-62.el9.noarch.rpm
Size: 18.73 kB
- fence-agents-aws-4.10.0-62.el9.x86_64.rpm
Size: 16.41 kB
- fence-agents-azure-arm-4.10.0-62.el9.x86_64.rpm
Size: 25.78 kB
- fence-agents-bladecenter-4.10.0-62.el9.noarch.rpm
Size: 15.41 kB
- fence-agents-brocade-4.10.0-62.el9.noarch.rpm
Size: 15.51 kB
- fence-agents-cisco-mds-4.10.0-62.el9.noarch.rpm
Size: 15.35 kB
- fence-agents-cisco-ucs-4.10.0-62.el9.noarch.rpm
Size: 16.04 kB
- fence-agents-common-4.10.0-62.el9.noarch.rpm
Size: 369.85 kB
- fence-agents-compute-4.10.0-62.el9.x86_64.rpm
Size: 22.48 kB
- fence-agents-drac5-4.10.0-62.el9.noarch.rpm
Size: 16.02 kB
- fence-agents-eaton-snmp-4.10.0-62.el9.noarch.rpm
Size: 16.52 kB
- fence-agents-emerson-4.10.0-62.el9.noarch.rpm
Size: 15.00 kB
- fence-agents-eps-4.10.0-62.el9.noarch.rpm
Size: 15.58 kB
- fence-agents-gce-4.10.0-62.el9.x86_64.rpm
Size: 20.37 kB
- fence-agents-heuristics-ping-4.10.0-62.el9.noarch.rpm
Size: 15.89 kB
- fence-agents-hpblade-4.10.0-62.el9.noarch.rpm
Size: 15.59 kB
- fence-agents-ibmblade-4.10.0-62.el9.noarch.rpm
Size: 15.13 kB
- fence-agents-ibm-powervs-4.10.0-62.el9.noarch.rpm
Size: 16.16 kB
- fence-agents-ibm-vpc-4.10.0-62.el9.noarch.rpm
Size: 16.63 kB
- fence-agents-ifmib-4.10.0-62.el9.noarch.rpm
Size: 15.68 kB
- fence-agents-ilo2-4.10.0-62.el9.noarch.rpm
Size: 17.65 kB
- fence-agents-ilo-moonshot-4.10.0-62.el9.noarch.rpm
Size: 14.91 kB
- fence-agents-ilo-mp-4.10.0-62.el9.noarch.rpm
Size: 14.66 kB
- fence-agents-ilo-ssh-4.10.0-62.el9.noarch.rpm
Size: 21.25 kB
- fence-agents-intelmodular-4.10.0-62.el9.noarch.rpm
Size: 15.49 kB
- fence-agents-ipdu-4.10.0-62.el9.noarch.rpm
Size: 15.71 kB
- fence-agents-ipmilan-4.10.0-62.el9.noarch.rpm
Size: 29.34 kB
- fence-agents-kdump-4.10.0-62.el9.x86_64.rpm
Size: 28.06 kB
- fence-agents-kubevirt-4.10.0-62.el9.x86_64.rpm
Size: 3.90 MB
- fence-agents-mpath-4.10.0-62.el9.noarch.rpm
Size: 18.07 kB
- fence-agents-openstack-4.10.0-62.el9.x86_64.rpm
Size: 17.12 kB
- fence-agents-redfish-4.10.0-62.el9.x86_64.rpm
Size: 16.03 kB
- fence-agents-rhevm-4.10.0-62.el9.noarch.rpm
Size: 16.32 kB
- fence-agents-rsa-4.10.0-62.el9.noarch.rpm
Size: 15.05 kB
- fence-agents-rsb-4.10.0-62.el9.noarch.rpm
Size: 15.09 kB
- fence-agents-sbd-4.10.0-62.el9.noarch.rpm
Size: 16.71 kB
- fence-agents-scsi-4.10.0-62.el9.noarch.rpm
Size: 20.45 kB
- fence-agents-virsh-4.10.0-62.el9.noarch.rpm
Size: 15.62 kB
- fence-agents-vmware-rest-4.10.0-62.el9.noarch.rpm
Size: 16.29 kB
- fence-agents-vmware-soap-4.10.0-62.el9.noarch.rpm
Size: 17.22 kB
- fence-agents-wti-4.10.0-62.el9.noarch.rpm
Size: 16.63 kB
- fence-virt-4.10.0-62.el9.x86_64.rpm
Size: 39.97 kB
- fence-virtd-4.10.0-62.el9.x86_64.rpm
Size: 53.27 kB
- fence-virtd-cpg-4.10.0-62.el9.x86_64.rpm
Size: 36.21 kB
- fence-virtd-libvirt-4.10.0-62.el9.x86_64.rpm
Size: 32.72 kB
- fence-virtd-multicast-4.10.0-62.el9.x86_64.rpm
Size: 29.63 kB
- fence-virtd-serial-4.10.0-62.el9.x86_64.rpm
Size: 33.17 kB
- fence-virtd-tcp-4.10.0-62.el9.x86_64.rpm
Size: 29.12 kB
- ha-cloud-support-4.10.0-62.el9.x86_64.rpm
Size: 35.05 MB