Red Hat Product Errata RHSA-2024:8172 - Security Advisory
Issued:
2024-10-16
Updated:
2024-10-16

RHSA-2024:8172 - Security Advisory

Synopsis

Important: resource-agents security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for resource-agents is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

  • pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.4 x86_64
  • Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.4 x86_64
  • Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support Extension 8.4 x86_64

Fixes

  • BZ - 2297771 - CVE-2024-6345 pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools

Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.4

SRPM
resource-agents-4.1.1-90.el8_4.18.src.rpm SHA-256: 73c3923f748ed15c18acb8575e8e5b1a44aff5b5a207fd0cf6ea25a49d226b36
ppc64le
resource-agents-4.1.1-90.el8_4.18.ppc64le.rpm SHA-256: 8dd8ee6e2f705305e4c84e25064d7a169a6553283335f9b2464570d3ca70593e
resource-agents-debuginfo-4.1.1-90.el8_4.18.ppc64le.rpm SHA-256: dbb6f62dc56d608413d25774421329709b9b0532dfd427f8a9b143d8be246807
resource-agents-debugsource-4.1.1-90.el8_4.18.ppc64le.rpm SHA-256: b76c81d0aa5b0a605b1b48c8a42c7c79518936d925276201fb0851f0422a8312

Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.4

SRPM
resource-agents-4.1.1-90.el8_4.18.src.rpm SHA-256: 73c3923f748ed15c18acb8575e8e5b1a44aff5b5a207fd0cf6ea25a49d226b36
x86_64
resource-agents-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 89978e3413b9aa70cb4a67eb48b0dbadebec9499d9bfaafa63060bb3fa0e1c3e
resource-agents-aliyun-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 1216b31cc8aaca227f1732fdae543c46845af65c322b711bf9afd23de1c4d9c8
resource-agents-aliyun-debuginfo-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 76ba7fec2b8e046eac528b44c083f13d5f72d04e50e37dedf2ab0b342140c83c
resource-agents-debuginfo-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 796d60637167b19faab6ac2d96eabcd03c6da1e4de2b8765b48fd056977ee488
resource-agents-debugsource-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 77090dd72d016baac5755cade35db9cd959ead41fdd7f392596d9a41a18ed6ad
resource-agents-gcp-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: ecb7784b0dfb2f7defc0a0894e50c54b00c9a9e8d47a6e446641943402ba5041

Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.4

SRPM
resource-agents-4.1.1-90.el8_4.18.src.rpm SHA-256: 73c3923f748ed15c18acb8575e8e5b1a44aff5b5a207fd0cf6ea25a49d226b36
x86_64
resource-agents-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 89978e3413b9aa70cb4a67eb48b0dbadebec9499d9bfaafa63060bb3fa0e1c3e
resource-agents-aliyun-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 1216b31cc8aaca227f1732fdae543c46845af65c322b711bf9afd23de1c4d9c8
resource-agents-aliyun-debuginfo-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 76ba7fec2b8e046eac528b44c083f13d5f72d04e50e37dedf2ab0b342140c83c
resource-agents-debuginfo-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 796d60637167b19faab6ac2d96eabcd03c6da1e4de2b8765b48fd056977ee488
resource-agents-debugsource-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 77090dd72d016baac5755cade35db9cd959ead41fdd7f392596d9a41a18ed6ad
resource-agents-gcp-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: ecb7784b0dfb2f7defc0a0894e50c54b00c9a9e8d47a6e446641943402ba5041

Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support Extension 8.4

SRPM
resource-agents-4.1.1-90.el8_4.18.src.rpm SHA-256: 73c3923f748ed15c18acb8575e8e5b1a44aff5b5a207fd0cf6ea25a49d226b36
x86_64
resource-agents-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 89978e3413b9aa70cb4a67eb48b0dbadebec9499d9bfaafa63060bb3fa0e1c3e
resource-agents-aliyun-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 1216b31cc8aaca227f1732fdae543c46845af65c322b711bf9afd23de1c4d9c8
resource-agents-aliyun-debuginfo-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 76ba7fec2b8e046eac528b44c083f13d5f72d04e50e37dedf2ab0b342140c83c
resource-agents-debuginfo-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 796d60637167b19faab6ac2d96eabcd03c6da1e4de2b8765b48fd056977ee488
resource-agents-debugsource-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: 77090dd72d016baac5755cade35db9cd959ead41fdd7f392596d9a41a18ed6ad
resource-agents-gcp-4.1.1-90.el8_4.18.x86_64.rpm SHA-256: ecb7784b0dfb2f7defc0a0894e50c54b00c9a9e8d47a6e446641943402ba5041

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.