Red Hat Product Errata RHSA-2024:6311 - Security Advisory
Issued:
2024-09-04
Updated:
2024-09-04

RHSA-2024:6311 - Security Advisory

Synopsis

Moderate: resource-agents security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for resource-agents is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

  • urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)
  • pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux High Availability for x86_64 8 x86_64
  • Red Hat Enterprise Linux High Availability for ARM 64 8 aarch64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 8 x86_64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux High Availability for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux High Availability for Power, little endian 8 ppc64le

Fixes

  • BZ - 2292788 - CVE-2024-37891 urllib3: proxy-authorization request header is not stripped during cross-origin redirects
  • BZ - 2297771 - CVE-2024-6345 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools
  • RHEL-50041 - gcp-pd-move: fix TLS_VERSION_1 issue

Red Hat Enterprise Linux High Availability for x86_64 8

SRPM
resource-agents-4.9.0-54.el8_10.4.src.rpm SHA-256: 66605e244189256f4e251c5528f7229f4973c77adec1fcdc4d9a85d31874a412
x86_64
resource-agents-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: 355cf5e3b9da7c2d02ec02fd37755c80f3c169965efa702a890fb4a5339ff2c1
resource-agents-aliyun-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: c122920d77c1f3704de208382acf486f2363d3bf49033f94aab212b2819d8beb
resource-agents-aliyun-debuginfo-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: 2f1e5a36876716616b377946a63625fa53014b87ebd67ab5b915fca52688ef04
resource-agents-debuginfo-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: 4bb54426b42d0f8cb407989dd77e4db74645c1bfc9419a8205358d018743fe1b
resource-agents-debugsource-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: e0a77309660766c265ccbd52c5507ea2bfc163dd8c87177e510e6c48c9c61f70
resource-agents-gcp-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: c12e16169dbac1f541efc4fc2c1dce48dce90c1fd5934f606869a252983ff4a7
resource-agents-paf-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: 9aaf4d06d26e4201233d97069e5be6ecc234a7f477acbc03bfde4e4e27ef1fbc

Red Hat Enterprise Linux High Availability for ARM 64 8

SRPM
resource-agents-4.9.0-54.el8_10.4.src.rpm SHA-256: 66605e244189256f4e251c5528f7229f4973c77adec1fcdc4d9a85d31874a412
aarch64
resource-agents-4.9.0-54.el8_10.4.aarch64.rpm SHA-256: 02259f0f371609bea27c178b088a65c4409a3cb77f3f25fdce8d6eedff4b5859
resource-agents-debuginfo-4.9.0-54.el8_10.4.aarch64.rpm SHA-256: 7ef565cb0250fcadc3e516303fcdb6f686db34f5f40454961a9c7fb18a456f1b
resource-agents-debugsource-4.9.0-54.el8_10.4.aarch64.rpm SHA-256: 2089f469e084c7433198aefc4de02a5c4165c35d1a8281309ff73534386d7f06
resource-agents-paf-4.9.0-54.el8_10.4.aarch64.rpm SHA-256: 157bce9a2a328f6e85fd9c09307c776ac8f30830303b50fcb33234b920543108

Red Hat Enterprise Linux Resilient Storage for x86_64 8

SRPM
resource-agents-4.9.0-54.el8_10.4.src.rpm SHA-256: 66605e244189256f4e251c5528f7229f4973c77adec1fcdc4d9a85d31874a412
x86_64
resource-agents-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: 355cf5e3b9da7c2d02ec02fd37755c80f3c169965efa702a890fb4a5339ff2c1
resource-agents-aliyun-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: c122920d77c1f3704de208382acf486f2363d3bf49033f94aab212b2819d8beb
resource-agents-aliyun-debuginfo-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: 2f1e5a36876716616b377946a63625fa53014b87ebd67ab5b915fca52688ef04
resource-agents-debuginfo-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: 4bb54426b42d0f8cb407989dd77e4db74645c1bfc9419a8205358d018743fe1b
resource-agents-debugsource-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: e0a77309660766c265ccbd52c5507ea2bfc163dd8c87177e510e6c48c9c61f70
resource-agents-gcp-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: c12e16169dbac1f541efc4fc2c1dce48dce90c1fd5934f606869a252983ff4a7
resource-agents-paf-4.9.0-54.el8_10.4.x86_64.rpm SHA-256: 9aaf4d06d26e4201233d97069e5be6ecc234a7f477acbc03bfde4e4e27ef1fbc

Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8

SRPM
resource-agents-4.9.0-54.el8_10.4.src.rpm SHA-256: 66605e244189256f4e251c5528f7229f4973c77adec1fcdc4d9a85d31874a412
s390x
resource-agents-4.9.0-54.el8_10.4.s390x.rpm SHA-256: 6a069428f93d375824e69a2c7a00a9629926d790c43cbed88cd9ab8789a89451
resource-agents-debuginfo-4.9.0-54.el8_10.4.s390x.rpm SHA-256: 50d5d2801ddb097db483e8d7a756e0d16e955d0c785261c13801001fdc0cd1ae
resource-agents-debugsource-4.9.0-54.el8_10.4.s390x.rpm SHA-256: ceccdd65919d97badf6a6d59d6ecf653e94dfce5fbbe219c663b1c1b8017bfab
resource-agents-paf-4.9.0-54.el8_10.4.s390x.rpm SHA-256: d00829e811c45511af66e8b6c45d213010f5627dd8c4c21975b3e3e139722ea5

Red Hat Enterprise Linux High Availability for IBM z Systems 8

SRPM
resource-agents-4.9.0-54.el8_10.4.src.rpm SHA-256: 66605e244189256f4e251c5528f7229f4973c77adec1fcdc4d9a85d31874a412
s390x
resource-agents-4.9.0-54.el8_10.4.s390x.rpm SHA-256: 6a069428f93d375824e69a2c7a00a9629926d790c43cbed88cd9ab8789a89451
resource-agents-debuginfo-4.9.0-54.el8_10.4.s390x.rpm SHA-256: 50d5d2801ddb097db483e8d7a756e0d16e955d0c785261c13801001fdc0cd1ae
resource-agents-debugsource-4.9.0-54.el8_10.4.s390x.rpm SHA-256: ceccdd65919d97badf6a6d59d6ecf653e94dfce5fbbe219c663b1c1b8017bfab
resource-agents-paf-4.9.0-54.el8_10.4.s390x.rpm SHA-256: d00829e811c45511af66e8b6c45d213010f5627dd8c4c21975b3e3e139722ea5

Red Hat Enterprise Linux Resilient Storage for Power, little endian 8

SRPM
resource-agents-4.9.0-54.el8_10.4.src.rpm SHA-256: 66605e244189256f4e251c5528f7229f4973c77adec1fcdc4d9a85d31874a412
ppc64le
resource-agents-4.9.0-54.el8_10.4.ppc64le.rpm SHA-256: 344d4c7b44053516c9cd9908de2cdef89ef24c969ec4548b995fb13989ed6c6a
resource-agents-debuginfo-4.9.0-54.el8_10.4.ppc64le.rpm SHA-256: d44d93130aa316cbc037843dc7541af34912215b6df13ceab6106ce7e4536ff5
resource-agents-debugsource-4.9.0-54.el8_10.4.ppc64le.rpm SHA-256: 1d315fc2ec839f6cf613bd3b250a66831b8b910c4e50076bf50e273f4d7378ba
resource-agents-paf-4.9.0-54.el8_10.4.ppc64le.rpm SHA-256: 74a6b79c053f656c14fe7ee5a3841699cf057c8c48b923437b8e0813a5ed540c

Red Hat Enterprise Linux High Availability for Power, little endian 8

SRPM
resource-agents-4.9.0-54.el8_10.4.src.rpm SHA-256: 66605e244189256f4e251c5528f7229f4973c77adec1fcdc4d9a85d31874a412
ppc64le
resource-agents-4.9.0-54.el8_10.4.ppc64le.rpm SHA-256: 344d4c7b44053516c9cd9908de2cdef89ef24c969ec4548b995fb13989ed6c6a
resource-agents-debuginfo-4.9.0-54.el8_10.4.ppc64le.rpm SHA-256: d44d93130aa316cbc037843dc7541af34912215b6df13ceab6106ce7e4536ff5
resource-agents-debugsource-4.9.0-54.el8_10.4.ppc64le.rpm SHA-256: 1d315fc2ec839f6cf613bd3b250a66831b8b910c4e50076bf50e273f4d7378ba
resource-agents-paf-4.9.0-54.el8_10.4.ppc64le.rpm SHA-256: 74a6b79c053f656c14fe7ee5a3841699cf057c8c48b923437b8e0813a5ed540c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.