If you're using RHEL9 it's bundled in ha-cloud-support and
fence-agents-kubevirt, so you can run "yum update fence-agents-*
ha-cloud-support" to upgrade all the packages that could contain the
CVE on RHEL9.
Oyvind
On 19/09/24 10:22 GMT, S Sathish S wrote:
Hi Albrigtsen,
Python3-urllib3 package used from redhat and reported CVE-2024-37891 mitigated
version available will upgrade to latest version in the system. As per below
your statement update urllib3 package will mitigate this vulnerability no need
to update resource-agents module. This is our understanding correct me if I am
wrong.
Thanks and Regards,
S Sathish S
-----Original Message-----
From: Oyvind Albrigtsen <oalbr...@redhat.com>
Sent: Thursday, September 19, 2024 12:35 PM
To: Cluster Labs - All topics related to open-source clustering welcomed
<users@clusterlabs.org>
Cc: Tomas Jelinek <tojel...@redhat.com>; S Sathish S <s.s.sath...@ericsson.com>;
Kohilavani G <kohilavan...@ericsson.com>
Subject: Re: [ClusterLabs] resource-agents security update
[You don't often get email from oalbr...@redhat.com. Learn why this is
important at https://aka.ms/LearnAboutSenderIdentification ]
Hi,
This is a urllib3 CVE (bundled with resource-agents on RHEL8), so on other
distros you'll have to check if the python-urllib3 package is version 1.26.19,
2.2.2 or later. If not you can check the distro-specific changelog to see if
the CVE has been fixed in the version you're using.
https://access.redhat.com/errata/RHSA-2024:5309
https://www.tenable.com/plugins/nessus/200807
Oyvind
On 19/09/24 06:32 GMT, S Sathish S via Users wrote:
Thanks Tomas for your response.
@Clusterlab team : can you check on below query and update us.
Regards,
S Sathish S
-----Original Message-----
From: Tomas Jelinek <tojel...@redhat.com>
Sent: Wednesday, September 18, 2024 9:19 PM
To: S Sathish S <s.s.sath...@ericsson.com>; users@clusterlabs.org
Cc: Kohilavani G <kohilavan...@ericsson.com>
Subject: Re: resource-agents security update
Hi,
Sorry, I don't work on resource agents, so I'm not the right person to answer
this question.
Regards,
Tomas
Dne 17. 09. 24 v 14:16 S Sathish S napsal(a):
Hi Tomas/Team,
In our application we are using resource-agent-4.12.0
<https://gi/
t%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a
08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C63862326285
9655867%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL
CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=9vNDpoXa31hSP4PCdf35
9LKi1ir9x1fMRYz2GCSWrfY%3D&reserved=0
hub.com%2FClusterLabs%2Fresource-agents%2Ftree%2Fv4.12.0&data=05%7C02
%
7Cs.s.sathish%40ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e
8
4cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638622713399244865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3ThxwAAaiOfBcPTLUKeYQBP2w9XHix1ZXmK0KrU4Xvs%3D&reserved=0>
version and that module has vulnerability(CVE-2024-37891) reported and fixed on below
RHSA Errata. can you check and provided fixed on resource-agent latest version on upstream
also.
https://acc/
e%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a
08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C63862326285
9672823%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiL
CJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sMArNs1F0EhkWKOZoQGM
27ky82Ih%2BoW6NbWLQgzI3bo%3D&reserved=0
ss.redhat.com%2Ferrata%2FRHSA-2024%3A6310&data=05%7C02%7Cs.s.sathish%
4
0ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e84cebfbfd47abbe
5
2080c6b87953f%7C0%7C0%7C638622713399254190%7CUnknown%7CTWFpbGZsb3d8ey
J
WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7
C
%7C%7C&sdata=nXfNx6aeV1AcJJ7U0VVcztbm%2BGUHcC9QgK%2FdiKLgz7E%3D&reser
v
ed=0
Thanks and Regards,
S Sathish S
_______________________________________________
Manage your subscription:
https://lists/
.clusterlabs.org%2Fmailman%2Flistinfo%2Fusers&data=05%7C02%7Cs.s.sathis
h%40ericsson.com%7C7362a4ae49434b4bbe0a08dcd879560e%7C92e84cebfbfd47abb
e52080c6b87953f%7C0%7C0%7C638623262859687084%7CUnknown%7CTWFpbGZsb3d8ey
JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
%7C%7C&sdata=wiZLjXCM743n24lC8ddorB5URDAZ9LDaJPFYVhQV%2FiQ%3D&reserved=
0
ClusterLabs home:
https://www.c/
lusterlabs.org%2F&data=05%7C02%7Cs.s.sathish%40ericsson.com%7C7362a4ae49434b4bbe0a08dcd879560e%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638623262859699515%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=q3NA%2FrA7X5m4ZIZH9zuSPm8E9AgdYMhw757i%2FOh5sDw%3D&reserved=0
_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users
ClusterLabs home: https://www.clusterlabs.org/
