Re: [ClusterLabs] resource-agents security update

Oyvind Albrigtsen Thu, 19 Sep 2024 00:04:58 -0700

Hi,

This is a urllib3 CVE (bundled with resource-agents on RHEL8), so on
other distros you'll have to check if the python-urllib3 package is
version 1.26.19, 2.2.2 or later. If not you can check the
distro-specific changelog to see if the CVE has been fixed in the
version you're using.


https://access.redhat.com/errata/RHSA-2024:5309
https://www.tenable.com/plugins/nessus/200807


Oyvind

On 19/09/24 06:32 GMT, S Sathish S via Users wrote:

Thanks Tomas for your response.

@Clusterlab team : can you check on below query and update us.

Regards,
S Sathish S
-----Original Message-----
From: Tomas Jelinek <tojel...@redhat.com>
Sent: Wednesday, September 18, 2024 9:19 PM
To: S Sathish S <s.s.sath...@ericsson.com>; users@clusterlabs.org
Cc: Kohilavani G <kohilavan...@ericsson.com>
Subject: Re: resource-agents security update

Hi,

Sorry, I don't work on resource agents, so I'm not the right person to answer 
this question.

Regards,
Tomas

Dne 17. 09. 24 v 14:16 S Sathish S napsal(a):

Hi Tomas/Team,

In our application we are using resource-agent-4.12.0
<https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit
hub.com%2FClusterLabs%2Fresource-agents%2Ftree%2Fv4.12.0&data=05%7C02%
7Cs.s.sathish%40ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e8
4cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638622713399244865%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=3ThxwAAaiOfBcPTLUKeYQBP2w9XHix1ZXmK0KrU4Xvs%3D&reserved=0>
 version and that module has vulnerability(CVE-2024-37891) reported and fixed on below 
RHSA Errata. can you check and provided fixed on resource-agent latest version on upstream 
also.

https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Facce
ss.redhat.com%2Ferrata%2FRHSA-2024%3A6310&data=05%7C02%7Cs.s.sathish%4
0ericsson.com%7Cb2d3854e7d1240dff21708dcd7f96808%7C92e84cebfbfd47abbe5
2080c6b87953f%7C0%7C0%7C638622713399254190%7CUnknown%7CTWFpbGZsb3d8eyJ
WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C
%7C%7C&sdata=nXfNx6aeV1AcJJ7U0VVcztbm%2BGUHcC9QgK%2FdiKLgz7E%3D&reserv
ed=0

Thanks and Regards,
S Sathish S


_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/


_______________________________________________
Manage your subscription:
https://lists.clusterlabs.org/mailman/listinfo/users

ClusterLabs home: https://www.clusterlabs.org/

Re: [ClusterLabs] resource-agents security update

Reply via email to