Hi Albrigtsen, Python3-urllib3 package used from redhat and reported CVE-2024-37891 mitigated version available will upgrade to latest version in the system. As per below your statement update urllib3 package will mitigate this vulnerability no need to update resource-agents module. This is our understanding correct me if I am wrong.
Thanks and Regards, S Sathish S -----Original Message----- From: Oyvind Albrigtsen <oalbr...@redhat.com> Sent: Thursday, September 19, 2024 12:35 PM To: Cluster Labs - All topics related to open-source clustering welcomed <users@clusterlabs.org> Cc: Tomas Jelinek <tojel...@redhat.com>; S Sathish S <s.s.sath...@ericsson.com>; Kohilavani G <kohilavan...@ericsson.com> Subject: Re: [ClusterLabs] resource-agents security update [You don't often get email from oalbr...@redhat.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Hi, This is a urllib3 CVE (bundled with resource-agents on RHEL8), so on other distros you'll have to check if the python-urllib3 package is version 1.26.19, 2.2.2 or later. If not you can check the distro-specific changelog to see if the CVE has been fixed in the version you're using. https://access.redhat.com/errata/RHSA-2024:5309 https://www.tenable.com/plugins/nessus/200807 Oyvind On 19/09/24 06:32 GMT, S Sathish S via Users wrote: >Thanks Tomas for your response. > >@Clusterlab team : can you check on below query and update us. > >Regards, >S Sathish S >-----Original Message----- >From: Tomas Jelinek <tojel...@redhat.com> >Sent: Wednesday, September 18, 2024 9:19 PM >To: S Sathish S <s.s.sath...@ericsson.com>; users@clusterlabs.org >Cc: Kohilavani G <kohilavan...@ericsson.com> >Subject: Re: resource-agents security update > >Hi, > >Sorry, I don't work on resource agents, so I'm not the right person to answer >this question. > >Regards, >Tomas > > >Dne 17. 09. 24 v 14:16 S Sathish S napsal(a): >> Hi Tomas/Team, >> >> In our application we are using resource-agent-4.12.0 >> <https://gi/ >> t%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a >> 08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C63862326285 >> 9655867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL >> CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=9vNDpoXa31hSP4PCdf35 >> 9LKi1ir9x1fMRYz2GCSWrfY%3D&reserved=0 >> hub.com%2FClusterLabs%2Fresource-agents%2Ftree%2Fv4.12.0&data=05%7C02 >> % >> 7Cs.s.sathish%40ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e >> 8 >> 4cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638622713399244865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3ThxwAAaiOfBcPTLUKeYQBP2w9XHix1ZXmK0KrU4Xvs%3D&reserved=0> >> version and that module has vulnerability(CVE-2024-37891) reported and >> fixed on below RHSA Errata. can you check and provided fixed on >> resource-agent latest version on upstream also. >> >> https://acc/ >> e%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a >> 08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C63862326285 >> 9672823%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL >> CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sMArNs1F0EhkWKOZoQGM >> 27ky82Ih%2BoW6NbWLQgzI3bo%3D&reserved=0 >> ss.redhat.com%2Ferrata%2FRHSA-2024%3A6310&data=05%7C02%7Cs.s.sathish% >> 4 >> 0ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e84cebfbfd47abbe >> 5 >> 2080c6b87953f%7C0%7C0%7C638622713399254190%7CUnknown%7CTWFpbGZsb3d8ey >> J >> WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7 >> C >> %7C%7C&sdata=nXfNx6aeV1AcJJ7U0VVcztbm%2BGUHcC9QgK%2FdiKLgz7E%3D&reser >> v >> ed=0 >> >> Thanks and Regards, >> S Sathish S >> > >_______________________________________________ >Manage your subscription: >https://lists/ >.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers&data=05%7C02%7Cs.s.sathis >h%40ericsson.com%7C7362a4ae49434b4bbe0a08dcd879560e%7C92e84cebfbfd47abb >e52080c6b87953f%7C0%7C0%7C638623262859687084%7CUnknown%7CTWFpbGZsb3d8ey >JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C >%7C%7C&sdata=wiZLjXCM743n24lC8ddorB5URDAZ9LDaJPFYVhQV%2FiQ%3D&reserved= >0 > >ClusterLabs home: >https://www.c/ >lusterlabs.org%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638623262859699515%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=q3NA%2FrA7X5m4ZIZH9zuSPm8E9AgdYMhw757i%2FOh5sDw%3D&reserved=0 > _______________________________________________ Manage your subscription: https://lists.clusterlabs.org/mailman/listinfo/users ClusterLabs home: https://www.clusterlabs.org/
