=====================================================================
                   Red Hat Security Advisory

Synopsis:          Low: resource-agents security and bug fix update
Advisory ID:       RHSA-2020:5004-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2020:5004
Issue date:        2020-11-10
CVE Names:         CVE-2020-11078
=====================================================================

1. Summary:

An update for resource-agents is now available for Red Hat Enterprise
Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Server High Availability (v. 7) - ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Resilient Storage (v. 7) - ppc64le, s390x, x86_64
Red Hat Enterprise Linux for SAP (v. 7) - ppc64le, x86_64
Red Hat Enterprise Linux for SAP HANA (v. 7) - ppc64le, x86_64

3. Description:

The resource-agents packages provide the Pacemaker and RGManager service
managers with a set of scripts. These scripts interface with several
services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
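The class of flaw named in the security fix, shown from the caller's side as an added example (not code from httplib2, resource-agents or Red Hat): an unescaped CR LF in the request target turns one request line into several, and escaping or rejecting it keeps the head intact. The function names, the host `cluster.example` and the input value are constructed for illustration.

```python
import re
from urllib.parse import quote

# Space, ASCII control characters (CR and LF among them) and DEL have no
# place unescaped in an HTTP request target.
UNSAFE = re.compile(r"[\x00-\x20\x7f]")


def request_head(host, target):
    """Build a request head with the target pasted in exactly as given."""
    return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def head_lines(head):
    """Lines a server would parse out of the head (request line + headers)."""
    return head.split("\r\n\r\n", 1)[0].split("\r\n")


def escape_target(target):
    """Percent-encode each unsafe character; everything else is untouched."""
    return UNSAFE.sub(lambda m: quote(m.group(0), safe=""), target)


def require_clean_target(target):
    """Stricter alternative: refuse the request instead of rewriting it."""
    bad = UNSAFE.search(target)
    if bad:
        raise ValueError(f"unsafe character {bad.group(0)!r} at offset {bad.start()}")
    return target


# Constructed input: a value from outside the program ends up in the URI.
NODE = "n1\r\nX-Added: yes"
TARGET = "/status?node=" + NODE

if __name__ == "__main__":
    print(head_lines(request_head("cluster.example", TARGET)))
    print(head_lines(request_head("cluster.example", escape_target(TARGET))))
```

Until the updated packages are installed, a guard of this kind in front of any call that builds a URI from outside input keeps such input out of the request line.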
Bug Fix(es):

* gcp-vpc-move-vip: An existing alias IP range is removed when a second alias IP range is added (BZ#1846732)

* sybaseASE: Resource fails to complete a probe operation without access to $sybase_home [RHEL 7] (BZ#1848673)

* azure-lb: Resource fails intermittently due to nc output redirection to pidfile (BZ#1850779)

* azure-events: handle exceptions in urlopen (RHEL7) (BZ#1862121)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1845937 - CVE-2020-11078 python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function
1848673 - sybaseASE: Resource fails to complete a probe operation without access to $sybase_home [RHEL 7]
1862121 - azure-events: handle exceptions in urlopen (RHEL7)

6. Package List:

Red Hat Enterprise Linux Server High Availability (v. 7):

Source:
resource-agents-4.1.1-61.el7_9.4.src.rpm

ppc64le:
resource-agents-4.1.1-61.el7_9.4.ppc64le.rpm
resource-agents-debuginfo-4.1.1-61.el7_9.4.ppc64le.rpm

s390x:
resource-agents-4.1.1-61.el7_9.4.s390x.rpm
resource-agents-debuginfo-4.1.1-61.el7_9.4.s390x.rpm

x86_64:
resource-agents-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-aliyun-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-debuginfo-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-gcp-4.1.1-61.el7_9.4.x86_64.rpm

Red Hat Enterprise Linux Server Resilient Storage (v. 7):

Source:
resource-agents-4.1.1-61.el7_9.4.src.rpm

ppc64le:
resource-agents-4.1.1-61.el7_9.4.ppc64le.rpm
resource-agents-debuginfo-4.1.1-61.el7_9.4.ppc64le.rpm

s390x:
resource-agents-4.1.1-61.el7_9.4.s390x.rpm
resource-agents-debuginfo-4.1.1-61.el7_9.4.s390x.rpm

x86_64:
resource-agents-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-aliyun-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-debuginfo-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-gcp-4.1.1-61.el7_9.4.x86_64.rpm

Red Hat Enterprise Linux for SAP (v. 7):

Source:
resource-agents-4.1.1-61.el7_9.4.src.rpm

ppc64le:
resource-agents-debuginfo-4.1.1-61.el7_9.4.ppc64le.rpm
resource-agents-sap-4.1.1-61.el7_9.4.ppc64le.rpm
sap-cluster-connector-3.0.1-37.el7_9.4.ppc64le.rpm

x86_64:
resource-agents-debuginfo-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-sap-4.1.1-61.el7_9.4.x86_64.rpm
sap-cluster-connector-3.0.1-37.el7_9.4.x86_64.rpm

Red Hat Enterprise Linux for SAP HANA (v. 7):

Source:
resource-agents-4.1.1-61.el7_9.4.src.rpm

ppc64le:
resource-agents-debuginfo-4.1.1-61.el7_9.4.ppc64le.rpm
resource-agents-sap-hana-4.1.1-61.el7_9.4.ppc64le.rpm
resource-agents-sap-hana-scaleout-0.164.0-6.el7_9.4.ppc64le.rpm

x86_64:
resource-agents-debuginfo-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-sap-hana-4.1.1-61.el7_9.4.x86_64.rpm
resource-agents-sap-hana-scaleout-0.164.0-6.el7_9.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2020-11078
https://access.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is . More contact details at
https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.
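A patch-level check built from the package list above, as an added example (not Red Hat tooling): it compares installed name-version-release strings against the fixed builds this advisory lists. The version comparison is a simplified form of RPM's ordering that ignores epoch, `~` and `^`, and the sample `rpm -qa` lines are constructed.

```python
import re

# Fixed version-release per package, copied from the advisory's package list.
FIXED = {
    "resource-agents": "4.1.1-61.el7_9.4",
    "resource-agents-aliyun": "4.1.1-61.el7_9.4",
    "resource-agents-gcp": "4.1.1-61.el7_9.4",
    "resource-agents-sap": "4.1.1-61.el7_9.4",
    "resource-agents-sap-hana": "4.1.1-61.el7_9.4",
    "resource-agents-sap-hana-scaleout": "0.164.0-6.el7_9.4",
    "sap-cluster-connector": "3.0.1-37.el7_9.4",
}

def segments(s):
    """Split an RPM version or release string into digit and letter runs."""
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. Epoch, '~' and '^' are not handled."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run beats letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(nvra_lines):
    """Return the installed packages that are older than the fixed build."""
    stale = []
    for line in nvra_lines:
        parts = line.rsplit(".", 1)[0].rsplit("-", 2)  # drop arch, split N-V-R
        if len(parts) != 3 or parts[0] not in FIXED:
            continue
        fixed_ver, fixed_rel = FIXED[parts[0]].split("-")
        if (rpm_cmp(parts[1], fixed_ver) or rpm_cmp(parts[2], fixed_rel)) < 0:
            stale.append(line)
    return stale

# Constructed sample of `rpm -qa` output (name-version-release.arch).
SAMPLE = [
    "resource-agents-4.1.1-61.el7_9.4.x86_64",
    "resource-agents-gcp-4.1.1-61.el7.x86_64",
    "sap-cluster-connector-3.0.1-37.el7_9.3.x86_64",
    "bash-4.2.46-34.el7.x86_64",
]
```

Feeding it the real output of `rpm -qa` from each cluster node lists the packages that still need this update.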