ALSA-2024:2132

[ALSA-2024:2132] Moderate: fence-agents security and bug fix update

Type:

security

Severity:

moderate

Release date:

2024-05-07

Description:

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. 

Security Fix(es):

* urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
* pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)
* jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	fence-agents-kubevirt-4.10.0-62.el9.aarch64.rpm	330adff2b97b733a08315e62a0098a595b8de22b924085b573ff720cbfb33787
noarch	fence-agents-ibm-powervs-4.10.0-62.el9.noarch.rpm	210fde9bca7cfa78ea2a0af44508b12e00780dfbe06e95c394765aa7b43a02e7
noarch	fence-agents-ibm-vpc-4.10.0-62.el9.noarch.rpm	7de2e69a7d2f0cec06dc88b851e2b7e7fa3ee45cab5e8a927a5aae59d6af837b
noarch	fence-agents-virsh-4.10.0-62.el9.noarch.rpm	a1d8d69a0d0ef8fe7ea1589214340121fee9cf64ad705a9b859086356b5cebbe
noarch	fence-agents-common-4.10.0-62.el9.noarch.rpm	a5867c0ce0bdae504b066f42a12ff1903ac5d918bc03fca12a3ab48242558673
noarch	fence-agents-lpar-4.10.0-62.el9.noarch.rpm	b25cbd1df0550235a0c3d9b05b49122fa35a297569a1992de3eb623605f11af1
ppc64le	fence-agents-kubevirt-4.10.0-62.el9.ppc64le.rpm	014b049ed91b30e9b97342fed5e73513d0c85504b720ed290bddd413821074e7
ppc64le	fence-agents-compute-4.10.0-62.el9.ppc64le.rpm	bcf54d70e17baceddbfba5f887b2d2708465c1ac626ae76226ac6d5a73a1fce8
s390x	fence-agents-kubevirt-4.10.0-62.el9.s390x.rpm	bd46bdbab35110106cf3eaa1fbe78154d6c154e956e321760f6c640ed0da37d9
x86_64	fence-virtd-serial-4.10.0-62.el9.x86_64.rpm	0026f5bdedf0312e6e0cdd62bb434a61197448b8e924d9bb4aae3afaf1791576
x86_64	fence-virtd-4.10.0-62.el9.x86_64.rpm	05232234f29b325c72348968a6e9db0639624226736c5c1537d96b4abc80b415
x86_64	fence-agents-kubevirt-4.10.0-62.el9.x86_64.rpm	0c84c357edb3ffb6dd42b6b78ee19f0c2eef14b6e950bc3df3c67ee358d64490
x86_64	fence-virtd-cpg-4.10.0-62.el9.x86_64.rpm	696e7f944ce1656f1c54d6df5d9428a24253d0c6dca24f7beeeb7585e38292ed
x86_64	fence-virtd-multicast-4.10.0-62.el9.x86_64.rpm	755dcb6ea916391e64800d758237df64bb5e17c6a1d2284a46b7c77da4da51a6
x86_64	fence-virtd-tcp-4.10.0-62.el9.x86_64.rpm	9aff18fe2149014371f95215287c87de8908e54b2d92d2846c87942bb5443bec
x86_64	fence-virt-4.10.0-62.el9.x86_64.rpm	b027ad072b98976f222038e5f08a58a25d2e22add218b327e76d36b2166dc354
x86_64	fence-agents-compute-4.10.0-62.el9.x86_64.rpm	ced2648be652ffea936331fef11cb9b61527c0817a42eb165ebfcd43237ee263
x86_64	fence-virtd-libvirt-4.10.0-62.el9.x86_64.rpm	d71bb746867ac1b31a5df2994ae687fe01ed58bc5c69e66d88762fc6d9c9b60d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.