Issued:: 2024-05-22
Updated:: 2024-05-22

RHSA-2024:2952 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: resource-agents security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for resource-agents is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

urllib3: Request body not stripped after redirect from 303 status changes request method to GET (CVE-2023-45803)
pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex (CVE-2023-52323)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.10 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux High Availability for x86_64 8 x86_64
Red Hat Enterprise Linux High Availability for ARM 64 8 aarch64
Red Hat Enterprise Linux Resilient Storage for x86_64 8 x86_64
Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8 s390x
Red Hat Enterprise Linux High Availability for IBM z Systems 8 s390x
Red Hat Enterprise Linux Resilient Storage for Power, little endian 8 ppc64le
Red Hat Enterprise Linux High Availability for Power, little endian 8 ppc64le
Red Hat Enterprise Linux High Availability for ARM 64 - Extended Life Cycle 8.10 aarch64
Red Hat Enterprise Linux High Availability for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux High Availability for IBM z Systems - Extended Life Cycle 8.10 s390x
Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle 8.10 x86_64
Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Life Cycle 8.10 s390x
Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle 8.10 x86_64

Fixes

BZ - 1904465 - ocf:heartbeat:mysql is sending stderr to /dev/null
BZ - 2076403 - AWS resource agents: Test up-to-date AWS CLI (RHEL 8)
BZ - 2246840 - CVE-2023-45803 urllib3: Request body not stripped after redirect from 303 status changes request method to GET
BZ - 2257028 - CVE-2023-52323 pycryptodome: side-channel leakage for OAEP decryption in PyCryptodome and pycryptodomex
RHEL-17416 - Full Support of storage-mon agent (RHEL 8)

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux High Availability for x86_64 8

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
x86_64
resource-agents-4.9.0-54.el8.x86_64.rpm	SHA-256: 1ddf9aa0e94ea2340b50bca6f9fa9bb4e0cb0021ab167bce3765272c226b517e
resource-agents-aliyun-4.9.0-54.el8.x86_64.rpm	SHA-256: 25b10f8b0209da099ae024acccc5fefb81422fd0c8a8039afa6a5d1e5a92b21b
resource-agents-aliyun-debuginfo-4.9.0-54.el8.x86_64.rpm	SHA-256: 5890801a27cac6752cac0daa3685158650d988a8f197e8eaaa2ead116738e906
resource-agents-debuginfo-4.9.0-54.el8.x86_64.rpm	SHA-256: 91cd5e5cb7e6109737c2130b98867a4fdd312c6dc3709f915e6517dc58e76762
resource-agents-debugsource-4.9.0-54.el8.x86_64.rpm	SHA-256: 6f9fbfe7bf9648f9efa0ff34017965893c184d493a0c88ab8d9848c0762326b5
resource-agents-gcp-4.9.0-54.el8.x86_64.rpm	SHA-256: 44c2295250b446a93ba5d3566fa7ec600b814115f76d694e4789f58af13c97fd
resource-agents-paf-4.9.0-54.el8.x86_64.rpm	SHA-256: abef95f428c4854385f83b3dd7823fbd7de4d4b8816eb514509b6247e6b46497

Red Hat Enterprise Linux High Availability for ARM 64 8

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
aarch64
resource-agents-4.9.0-54.el8.aarch64.rpm	SHA-256: efb25d169c1b126411b6332c4e95be019cbad5a2f95ccb58d0013c720441f68a
resource-agents-debuginfo-4.9.0-54.el8.aarch64.rpm	SHA-256: 538216a0aac1e327c2549b8d728f00d2d3bb2d4be0e543625aebf2ba49b19981
resource-agents-debugsource-4.9.0-54.el8.aarch64.rpm	SHA-256: 31812c3814a892b4fbee28fd51863b9460056259fab8a1f8f190e8e71e157d80
resource-agents-paf-4.9.0-54.el8.aarch64.rpm	SHA-256: 676b0b537b8894cc767b60bd3f6bcc65bdaccdc290cc28173cfd4cac12dcc492

Red Hat Enterprise Linux Resilient Storage for x86_64 8

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
x86_64
resource-agents-4.9.0-54.el8.x86_64.rpm	SHA-256: 1ddf9aa0e94ea2340b50bca6f9fa9bb4e0cb0021ab167bce3765272c226b517e
resource-agents-aliyun-4.9.0-54.el8.x86_64.rpm	SHA-256: 25b10f8b0209da099ae024acccc5fefb81422fd0c8a8039afa6a5d1e5a92b21b
resource-agents-aliyun-debuginfo-4.9.0-54.el8.x86_64.rpm	SHA-256: 5890801a27cac6752cac0daa3685158650d988a8f197e8eaaa2ead116738e906
resource-agents-debuginfo-4.9.0-54.el8.x86_64.rpm	SHA-256: 91cd5e5cb7e6109737c2130b98867a4fdd312c6dc3709f915e6517dc58e76762
resource-agents-debugsource-4.9.0-54.el8.x86_64.rpm	SHA-256: 6f9fbfe7bf9648f9efa0ff34017965893c184d493a0c88ab8d9848c0762326b5
resource-agents-gcp-4.9.0-54.el8.x86_64.rpm	SHA-256: 44c2295250b446a93ba5d3566fa7ec600b814115f76d694e4789f58af13c97fd
resource-agents-paf-4.9.0-54.el8.x86_64.rpm	SHA-256: abef95f428c4854385f83b3dd7823fbd7de4d4b8816eb514509b6247e6b46497

Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
s390x
resource-agents-4.9.0-54.el8.s390x.rpm	SHA-256: a118fa7dd8021575ea8c554865b9e9457e2cacb5a0cc5edc36488405c537ff99
resource-agents-debuginfo-4.9.0-54.el8.s390x.rpm	SHA-256: 0fd8f87b5d4d3a49942112746189994b983ca53fa4f286de0d215876ba7a8547
resource-agents-debugsource-4.9.0-54.el8.s390x.rpm	SHA-256: 13077a99ea61ed82a8e5483a5052ca296f57d0f8b3dca0ac50a0b99da1df3dba
resource-agents-paf-4.9.0-54.el8.s390x.rpm	SHA-256: bcdde9f43d7f815e5a8113eddad77593aa45cfdefe99f0d7b8916eb84aadc17d

Red Hat Enterprise Linux High Availability for IBM z Systems 8

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
s390x
resource-agents-4.9.0-54.el8.s390x.rpm	SHA-256: a118fa7dd8021575ea8c554865b9e9457e2cacb5a0cc5edc36488405c537ff99
resource-agents-debuginfo-4.9.0-54.el8.s390x.rpm	SHA-256: 0fd8f87b5d4d3a49942112746189994b983ca53fa4f286de0d215876ba7a8547
resource-agents-debugsource-4.9.0-54.el8.s390x.rpm	SHA-256: 13077a99ea61ed82a8e5483a5052ca296f57d0f8b3dca0ac50a0b99da1df3dba
resource-agents-paf-4.9.0-54.el8.s390x.rpm	SHA-256: bcdde9f43d7f815e5a8113eddad77593aa45cfdefe99f0d7b8916eb84aadc17d

Red Hat Enterprise Linux Resilient Storage for Power, little endian 8

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
ppc64le
resource-agents-4.9.0-54.el8.ppc64le.rpm	SHA-256: 80679d23cff690e705dd0bf118575fa6bad48e39f0e7c325e44a262c86121262
resource-agents-debuginfo-4.9.0-54.el8.ppc64le.rpm	SHA-256: 3b45177c1aac11493d5f07383e4f340a157981e979bf4ee097401b2a4e290239
resource-agents-debugsource-4.9.0-54.el8.ppc64le.rpm	SHA-256: 7778f67d3f8e37c2b4a44d9d93822aa4b61ca1399c836a667a9b95ae108cf7cc
resource-agents-paf-4.9.0-54.el8.ppc64le.rpm	SHA-256: 872ac34bd98f5faba7a7ac9bbc7fb72e789b146f896b4cf61c6fe73347dfa19e

Red Hat Enterprise Linux High Availability for Power, little endian 8

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
ppc64le
resource-agents-4.9.0-54.el8.ppc64le.rpm	SHA-256: 80679d23cff690e705dd0bf118575fa6bad48e39f0e7c325e44a262c86121262
resource-agents-debuginfo-4.9.0-54.el8.ppc64le.rpm	SHA-256: 3b45177c1aac11493d5f07383e4f340a157981e979bf4ee097401b2a4e290239
resource-agents-debugsource-4.9.0-54.el8.ppc64le.rpm	SHA-256: 7778f67d3f8e37c2b4a44d9d93822aa4b61ca1399c836a667a9b95ae108cf7cc
resource-agents-paf-4.9.0-54.el8.ppc64le.rpm	SHA-256: 872ac34bd98f5faba7a7ac9bbc7fb72e789b146f896b4cf61c6fe73347dfa19e

Red Hat Enterprise Linux High Availability for ARM 64 - Extended Life Cycle 8.10

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
aarch64
resource-agents-4.9.0-54.el8.aarch64.rpm	SHA-256: efb25d169c1b126411b6332c4e95be019cbad5a2f95ccb58d0013c720441f68a
resource-agents-debuginfo-4.9.0-54.el8.aarch64.rpm	SHA-256: 538216a0aac1e327c2549b8d728f00d2d3bb2d4be0e543625aebf2ba49b19981
resource-agents-debugsource-4.9.0-54.el8.aarch64.rpm	SHA-256: 31812c3814a892b4fbee28fd51863b9460056259fab8a1f8f190e8e71e157d80
resource-agents-paf-4.9.0-54.el8.aarch64.rpm	SHA-256: 676b0b537b8894cc767b60bd3f6bcc65bdaccdc290cc28173cfd4cac12dcc492

Red Hat Enterprise Linux High Availability for Power, little endian - Extended Life Cycle 8.10

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
ppc64le
resource-agents-4.9.0-54.el8.ppc64le.rpm	SHA-256: 80679d23cff690e705dd0bf118575fa6bad48e39f0e7c325e44a262c86121262
resource-agents-debuginfo-4.9.0-54.el8.ppc64le.rpm	SHA-256: 3b45177c1aac11493d5f07383e4f340a157981e979bf4ee097401b2a4e290239
resource-agents-debugsource-4.9.0-54.el8.ppc64le.rpm	SHA-256: 7778f67d3f8e37c2b4a44d9d93822aa4b61ca1399c836a667a9b95ae108cf7cc
resource-agents-paf-4.9.0-54.el8.ppc64le.rpm	SHA-256: 872ac34bd98f5faba7a7ac9bbc7fb72e789b146f896b4cf61c6fe73347dfa19e

Red Hat Enterprise Linux High Availability for IBM z Systems - Extended Life Cycle 8.10

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
s390x
resource-agents-4.9.0-54.el8.s390x.rpm	SHA-256: a118fa7dd8021575ea8c554865b9e9457e2cacb5a0cc5edc36488405c537ff99
resource-agents-debuginfo-4.9.0-54.el8.s390x.rpm	SHA-256: 0fd8f87b5d4d3a49942112746189994b983ca53fa4f286de0d215876ba7a8547
resource-agents-debugsource-4.9.0-54.el8.s390x.rpm	SHA-256: 13077a99ea61ed82a8e5483a5052ca296f57d0f8b3dca0ac50a0b99da1df3dba
resource-agents-paf-4.9.0-54.el8.s390x.rpm	SHA-256: bcdde9f43d7f815e5a8113eddad77593aa45cfdefe99f0d7b8916eb84aadc17d

Red Hat Enterprise Linux High Availability for x86_64 - Extended Life Cycle 8.10

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
x86_64
resource-agents-4.9.0-54.el8.x86_64.rpm	SHA-256: 1ddf9aa0e94ea2340b50bca6f9fa9bb4e0cb0021ab167bce3765272c226b517e
resource-agents-aliyun-4.9.0-54.el8.x86_64.rpm	SHA-256: 25b10f8b0209da099ae024acccc5fefb81422fd0c8a8039afa6a5d1e5a92b21b
resource-agents-aliyun-debuginfo-4.9.0-54.el8.x86_64.rpm	SHA-256: 5890801a27cac6752cac0daa3685158650d988a8f197e8eaaa2ead116738e906
resource-agents-debuginfo-4.9.0-54.el8.x86_64.rpm	SHA-256: 91cd5e5cb7e6109737c2130b98867a4fdd312c6dc3709f915e6517dc58e76762
resource-agents-debugsource-4.9.0-54.el8.x86_64.rpm	SHA-256: 6f9fbfe7bf9648f9efa0ff34017965893c184d493a0c88ab8d9848c0762326b5
resource-agents-gcp-4.9.0-54.el8.x86_64.rpm	SHA-256: 44c2295250b446a93ba5d3566fa7ec600b814115f76d694e4789f58af13c97fd
resource-agents-paf-4.9.0-54.el8.x86_64.rpm	SHA-256: abef95f428c4854385f83b3dd7823fbd7de4d4b8816eb514509b6247e6b46497

Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Life Cycle 8.10

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
ppc64le
resource-agents-4.9.0-54.el8.ppc64le.rpm	SHA-256: 80679d23cff690e705dd0bf118575fa6bad48e39f0e7c325e44a262c86121262
resource-agents-debuginfo-4.9.0-54.el8.ppc64le.rpm	SHA-256: 3b45177c1aac11493d5f07383e4f340a157981e979bf4ee097401b2a4e290239
resource-agents-debugsource-4.9.0-54.el8.ppc64le.rpm	SHA-256: 7778f67d3f8e37c2b4a44d9d93822aa4b61ca1399c836a667a9b95ae108cf7cc
resource-agents-paf-4.9.0-54.el8.ppc64le.rpm	SHA-256: 872ac34bd98f5faba7a7ac9bbc7fb72e789b146f896b4cf61c6fe73347dfa19e

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Life Cycle 8.10

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
s390x
resource-agents-4.9.0-54.el8.s390x.rpm	SHA-256: a118fa7dd8021575ea8c554865b9e9457e2cacb5a0cc5edc36488405c537ff99
resource-agents-debuginfo-4.9.0-54.el8.s390x.rpm	SHA-256: 0fd8f87b5d4d3a49942112746189994b983ca53fa4f286de0d215876ba7a8547
resource-agents-debugsource-4.9.0-54.el8.s390x.rpm	SHA-256: 13077a99ea61ed82a8e5483a5052ca296f57d0f8b3dca0ac50a0b99da1df3dba
resource-agents-paf-4.9.0-54.el8.s390x.rpm	SHA-256: bcdde9f43d7f815e5a8113eddad77593aa45cfdefe99f0d7b8916eb84aadc17d

Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Life Cycle 8.10

SRPM
resource-agents-4.9.0-54.el8.src.rpm	SHA-256: 3e9983f5ee76f4ca3bd359d9cb5ed576dd7290dd1ea88b60677d3b1fd516e90f
x86_64
resource-agents-4.9.0-54.el8.x86_64.rpm	SHA-256: 1ddf9aa0e94ea2340b50bca6f9fa9bb4e0cb0021ab167bce3765272c226b517e
resource-agents-aliyun-4.9.0-54.el8.x86_64.rpm	SHA-256: 25b10f8b0209da099ae024acccc5fefb81422fd0c8a8039afa6a5d1e5a92b21b
resource-agents-aliyun-debuginfo-4.9.0-54.el8.x86_64.rpm	SHA-256: 5890801a27cac6752cac0daa3685158650d988a8f197e8eaaa2ead116738e906
resource-agents-debuginfo-4.9.0-54.el8.x86_64.rpm	SHA-256: 91cd5e5cb7e6109737c2130b98867a4fdd312c6dc3709f915e6517dc58e76762
resource-agents-debugsource-4.9.0-54.el8.x86_64.rpm	SHA-256: 6f9fbfe7bf9648f9efa0ff34017965893c184d493a0c88ab8d9848c0762326b5
resource-agents-gcp-4.9.0-54.el8.x86_64.rpm	SHA-256: 44c2295250b446a93ba5d3566fa7ec600b814115f76d694e4789f58af13c97fd
resource-agents-paf-4.9.0-54.el8.x86_64.rpm	SHA-256: abef95f428c4854385f83b3dd7823fbd7de4d4b8816eb514509b6247e6b46497

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation