fence-agents-4.10.0-62.el9_4.4.ML.1
Errata ID: AXSA:2024-8555:09
Release date:
2024/07/11 Thursday - 14:47
Title:
fence-agents-4.10.0-62.el9_4.4.ML.1
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
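The following issue has been addressed.
[Security Fix]
- urllib has an issue where it does not strip the Proxy-Authorization header on cross-origin redirects, because it does not treat the data in the Proxy-Authorization header as containing authentication information. As a result, there is a vulnerability that allows a remote attacker to cause disclosure of authentication information via a crafted HTTP request sent while proxy support is not enabled. (CVE-2024-37891)
Solution:
Update the packages.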
CVE:
CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects.

Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach.

We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:
1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support.
2. Not disabling HTTP redirects.
3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin.

Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not use the `Proxy-Authorization` header as mitigations.
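To check how an installed urllib3 handles the header described above, the following added example (not part of the advisory or of urllib3 itself) redirects a request between two loopback origins and reports what the second origin received. The handler classes, helper names and the header value are constructed for illustration; it assumes urllib3 is importable and loopback sockets are available.

```python
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

import urllib3
from urllib3.util.retry import Retry

HEADER = "Proxy-Authorization"
SEEN = []  # header values received by the redirect target (None = absent)

class Target(BaseHTTPRequestHandler):  # second origin: records the header
    def do_GET(self):
        SEEN.append(self.headers.get(HEADER))
        self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

class Redirector(Target):  # first origin: 302 to the other port
    target_port = 0

    def do_GET(self):
        self.send_response(302)
        self.send_header("Location", f"http://127.0.0.1:{self.target_port}/")
        self.send_header("Content-Length", "0")
        self.end_headers()

def serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def hardened_retry():
    """Retry policy that strips the header even on an unpatched urllib3."""
    strip = set(Retry.DEFAULT_REMOVE_HEADERS_ON_REDIRECT) | {HEADER}
    return Retry(remove_headers_on_redirect=strip)

def header_at_target(retries):
    """Send the header to origin A; return what origin B saw after the 302."""
    target, first = serve(Target), serve(Redirector)
    Redirector.target_port = target.server_port
    try:
        with urllib3.PoolManager() as http:
            http.request("GET", f"http://127.0.0.1:{first.server_port}/",
                         headers={HEADER: "Basic constructed-value"}, retries=retries)
        return SEEN[-1]
    finally:
        for srv in (target, first):
            srv.shutdown()
            srv.server_close()
```

`header_at_target(Retry())` returns `None` on a fixed urllib3 and the constructed value on an unfixed one, while `header_at_target(hardened_retry())` returns `None` on both.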
Additional information:
N/A
Downloads:
SRPMS
- fence-agents-4.10.0-62.el9_4.4.ML.1.src.rpm (Size: 68.85 MB)
Asianux Server 9 for x86_64
- fence-agents-aliyun-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 14.73 kB)
- fence-agents-all-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 11.56 kB)
- fence-agents-amt-ws-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.57 kB)
- fence-agents-apc-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.70 kB)
- fence-agents-apc-snmp-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 18.05 kB)
- fence-agents-aws-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 15.75 kB)
- fence-agents-azure-arm-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 25.12 kB)
- fence-agents-bladecenter-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.73 kB)
- fence-agents-brocade-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.83 kB)
- fence-agents-cisco-mds-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.67 kB)
- fence-agents-cisco-ucs-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.36 kB)
- fence-agents-common-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 425.14 kB)
- fence-agents-compute-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 21.82 kB)
- fence-agents-drac5-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.34 kB)
- fence-agents-eaton-snmp-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.86 kB)
- fence-agents-emerson-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.32 kB)
- fence-agents-eps-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 17.14 kB)
- fence-agents-gce-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 19.72 kB)
- fence-agents-heuristics-ping-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.20 kB)
- fence-agents-hpblade-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.91 kB)
- fence-agents-ibmblade-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.45 kB)
- fence-agents-ibm-powervs-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.48 kB)
- fence-agents-ibm-vpc-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.95 kB)
- fence-agents-ifmib-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.00 kB)
- fence-agents-ilo2-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 16.97 kB)
- fence-agents-ilo-moonshot-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.23 kB)
- fence-agents-ilo-mp-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 13.98 kB)
- fence-agents-ilo-ssh-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 20.57 kB)
- fence-agents-intelmodular-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.81 kB)
- fence-agents-ipdu-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.03 kB)
- fence-agents-ipmilan-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 32.97 kB)
- fence-agents-kdump-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 27.39 kB)
- fence-agents-kubevirt-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 4.55 MB)
- fence-agents-mpath-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 17.39 kB)
- fence-agents-openstack-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 16.46 kB)
- fence-agents-redfish-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 15.35 kB)
- fence-agents-rhevm-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.65 kB)
- fence-agents-rsa-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.37 kB)
- fence-agents-rsb-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.41 kB)
- fence-agents-sbd-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 16.04 kB)
- fence-agents-scsi-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 19.78 kB)
- fence-agents-virsh-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 14.94 kB)
- fence-agents-vmware-rest-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.61 kB)
- fence-agents-vmware-soap-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 16.55 kB)
- fence-agents-wti-4.10.0-62.el9_4.4.ML.1.noarch.rpm (Size: 15.95 kB)
- fence-virt-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 39.28 kB)
- fence-virtd-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 52.62 kB)
- fence-virtd-cpg-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 35.53 kB)
- fence-virtd-libvirt-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 32.03 kB)
- fence-virtd-multicast-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 28.98 kB)
- fence-virtd-serial-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 32.50 kB)
- fence-virtd-tcp-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 28.56 kB)
- ha-cloud-support-4.10.0-62.el9_4.4.ML.1.x86_64.rpm (Size: 40.66 MB)