CentOS Local Security Checks : CentOS: Security Advisory for fence-agents-aliyun (CESA-2020:5003)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.883291

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for fence-agents-aliyun (CESA-2020:5003)

Resumen: The remote host is missing an update for the 'fence-agents-aliyun'; package(s) announced via the CESA-2020:5003 advisory.

Descripción: Summary:
The remote host is missing an update for the 'fence-agents-aliyun'
package(s) announced via the CESA-2020:5003 advisory.

Vulnerability Insight:
The fence-agents packages provide a collection of scripts for handling
remote power management for cluster devices. They allow failed or
unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

* python-httplib2: CRLF injection via an attacker controlled unescaped part
of uri for httplib2.Http.request function (CVE-2020-11078)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Bug Fix(es):

* fence_lpar: Long username, HMC hostname, or managed system name causes
failures [RHEL 7] (BZ#1860545)

* InstanceHA does not evacuate instances created with private flavor in
tenant project (RHEL7) (BZ#1862024)

Affected Software/OS:
'fence-agents-aliyun' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-11078
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/
https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E
https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E
https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E
https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E
https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E
https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html

Copyright Copyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.883291
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for fence-agents-aliyun (CESA-2020:5003)
Resumen:	The remote host is missing an update for the 'fence-agents-aliyun'; package(s) announced via the CESA-2020:5003 advisory.
Descripción:	Summary: The remote host is missing an update for the 'fence-agents-aliyun' package(s) announced via the CESA-2020:5003 advisory. Vulnerability Insight: The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fix(es): * python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * fence_lpar: Long username, HMC hostname, or managed system name causes failures [RHEL 7] (BZ#1860545) * InstanceHA does not evacuate instances created with private flavor in tenant project (RHEL7) (BZ#1862024) Affected Software/OS: 'fence-agents-aliyun' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-11078 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZJ3D6JSM7CFZESZZKGUW2VX55BOSOXI/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXCX2AWROGWGY5GXR7VN3BKF34A2FO6J/ https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e https://lists.apache.org/thread.html/rc9eff9572946142b657c900fe63ea4bbd3535911e8d4ce4d08fe4b89@%3Ccommits.allura.apache.org%3E https://lists.apache.org/thread.html/r23711190c2e98152cb6f216b95090d5eeb978543bb7e0bad22ce47fc@%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/r69a462e690b5f2c3d418a288a2c98ae764d58587bd0b5d6ab141f25f@%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/rad8872fc99f670958c2774e2bf84ee32a3a0562a0c787465cf3dfa23@%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/r7f364000066748299b331b615ba51c62f55ab5b201ddce9a22d98202@%3Cissues.beam.apache.org%3E https://lists.apache.org/thread.html/r4d35dac106fab979f0db75a07fc4e320ad848b722103e79667ff99e1@%3Cissues.beam.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/06/msg00000.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH