fence-agents-4.2.1-129.el8_10.4
Errata ID: AXSA:2024-8788:10
Release date:
2024/09/06 Friday - 15:56
Title:
fence-agents-4.2.1-129.el8_10.4
Affected channels:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
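The following issues have been addressed.
[Security Fix]
- urllib3 does not treat the data in the Proxy-Authorization header
as carrying authentication material, and therefore does not remove
the Proxy-Authorization header on cross-origin redirects. As a
result, a remote attacker can cause credentials to be disclosed via
a crafted HTTP request sent while proxy support is not enabled.
(CVE-2024-37891)
- The package_index module of pypa/setuptools contains a
vulnerability that allows a remote attacker to execute arbitrary
commands via the processing of a crafted URL supplied by a user or
retrieved from a package index server.
(CVE-2024-6345)
Solution:
Update the packages.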
CVE:
CVE-2024-37891
urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects.
Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach.
We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited:
1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support.
2. Not disabling HTTP redirects.
3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin.
Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not use the `Proxy-Authorization` header as mitigations.
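The redirect behaviour described for CVE-2024-37891, shown as an added example that is not urllib3's code and not part of the original advisory. It is a simplified standard-library model of cross-origin header stripping; the header sets, function names, URLs and header value are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed header sets modelling the advisory: before the fix,
# Proxy-Authorization was not treated as authentication material.
STRIP_BEFORE_FIX = frozenset({"authorization", "cookie"})
STRIP_AFTER_FIX = STRIP_BEFORE_FIX | {"proxy-authorization"}
DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample request: the header is set by hand, with no proxy in use.
HEADERS = {"Proxy-Authorization": "Basic CONSTRUCTED-VALUE", "Accept": "*/*"}
SRC = "http://app.example.test/start"
SAME = "http://app.example.test:80/next"
CROSS = "http://other.example.test/landing"


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def headers_for_redirect(headers, from_url, to_url, strip_set):
    """Headers a client would resend when following from_url -> to_url."""
    if origin(from_url) == origin(to_url):
        return dict(headers)  # same origin: nothing is removed
    return {k: v for k, v in headers.items() if k.lower() not in strip_set}


def credentials_sent_cross_origin(headers, from_url, to_url, strip_set):
    """Credential-bearing header names that still reach a different origin."""
    if origin(from_url) == origin(to_url):
        return []
    sent = headers_for_redirect(headers, from_url, to_url, strip_set)
    return sorted(k for k in sent if k.lower() in STRIP_AFTER_FIX)


if __name__ == "__main__":
    for label, strip in (("before", STRIP_BEFORE_FIX), ("after", STRIP_AFTER_FIX)):
        print(label, credentials_sent_cross_origin(HEADERS, SRC, CROSS, strip))
```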
CVE-2024-6345
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
Additional information:
N/A
Download: