====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: resource-agents security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:4139-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4139
Issue date:        2021-11-09
CVE Names:         CVE-2021-20270 CVE-2021-27291
====================================================================

1. Summary:

An update for resource-agents is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HighAvailability (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux ResilientStorage (v. 8) - ppc64le, s390x, x86_64

3. Description:

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)

* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1872754 - Add pgsqlms resource agent
1891883 - ethmonitor: fix to be able to use with vlan interfaces
1902045 - ocf:heartbeat:iface-vlan does not allow multiple vlans by interface nor multiple VLANs
1920698 - podman resource agent logs spurious failed resource actions
1922136 - CVE-2021-20270 python-pygments: Infinite loop in SML lexer may lead to DoS
1924363 - nfsserver: Failure to unmount /var/lib/nfs doesn't cause stop failure
1928238 - Support for other filesystems on top of crypt devices on RHEL HA (ext4/xfs)
1932863 - VirtualDomain: fix pid_status() on RHEL8
1934651 - DB2: promote fails with HADR state PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED
1939281 - aws-vpc-move-ip: Enable eni lookup for AWS shared networks via RAM [RHEL 8]
1939992 - awsvip: dont match similar IPs
1940094 - AWS agents: dont spam logs when getting token
1940603 - CVE-2021-27291 python-pygments: ReDoS in multiple lexers
1957765 - gcp-vpc-move-vip: add retries functionality to avoid failing on first failed request
1969968 - lvmlockd: Remove the option `with_cmirrord` since cmirror is incompatible with lvmlockd
1972035 - LVM-activate: Start operation always recreates drop-in file and runs systemctl daemon-reload
1972743 - resource agent bails out when podman fails to start container under heavy load

6. Package List:

Red Hat Enterprise Linux HighAvailability (v. 8):

Source:
resource-agents-4.1.1-98.el8.src.rpm

aarch64:
resource-agents-4.1.1-98.el8.aarch64.rpm
resource-agents-debuginfo-4.1.1-98.el8.aarch64.rpm
resource-agents-debugsource-4.1.1-98.el8.aarch64.rpm
resource-agents-paf-4.1.1-98.el8.aarch64.rpm

ppc64le:
resource-agents-4.1.1-98.el8.ppc64le.rpm
resource-agents-debuginfo-4.1.1-98.el8.ppc64le.rpm
resource-agents-debugsource-4.1.1-98.el8.ppc64le.rpm
resource-agents-paf-4.1.1-98.el8.ppc64le.rpm

s390x:
resource-agents-4.1.1-98.el8.s390x.rpm
resource-agents-debuginfo-4.1.1-98.el8.s390x.rpm
resource-agents-debugsource-4.1.1-98.el8.s390x.rpm
resource-agents-paf-4.1.1-98.el8.s390x.rpm

x86_64:
resource-agents-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debugsource-4.1.1-98.el8.x86_64.rpm
resource-agents-gcp-4.1.1-98.el8.x86_64.rpm
resource-agents-paf-4.1.1-98.el8.x86_64.rpm

Red Hat Enterprise Linux ResilientStorage (v. 8):

Source:
resource-agents-4.1.1-98.el8.src.rpm

ppc64le:
resource-agents-4.1.1-98.el8.ppc64le.rpm
resource-agents-debuginfo-4.1.1-98.el8.ppc64le.rpm
resource-agents-debugsource-4.1.1-98.el8.ppc64le.rpm
resource-agents-paf-4.1.1-98.el8.ppc64le.rpm

s390x:
resource-agents-4.1.1-98.el8.s390x.rpm
resource-agents-debuginfo-4.1.1-98.el8.s390x.rpm
resource-agents-debugsource-4.1.1-98.el8.s390x.rpm
resource-agents-paf-4.1.1-98.el8.s390x.rpm

x86_64:
resource-agents-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debugsource-4.1.1-98.el8.x86_64.rpm
resource-agents-gcp-4.1.1-98.el8.x86_64.rpm
resource-agents-paf-4.1.1-98.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-20270
https://access.redhat.com/security/cve/CVE-2021-27291
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
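To check a host inventory against the fixed build in the Package List (4.1.1-98.el8), the following added example, which is not part of the Red Hat advisory, compares installed package strings using RPM-style version ordering. The inventory lines are constructed samples in the default `rpm -qa` name-version-release.arch form, and the comparison is a simplified rpmvercmp that handles `~` but not `^`.

```python
import re

FIXED_EVR = "4.1.1-98.el8"  # fixed version-release from the advisory's package list

def tokens(s):
    # RPM compares runs of digits and runs of letters; other characters only separate.
    return re.findall(r"[0-9]+|[A-Za-z]+|~", s)

def rpmvercmp(a, b):
    """Compare two version or release strings; returns -1, 0 or 1."""
    ta, tb = tokens(a), tokens(b)
    for i in range(max(len(ta), len(tb))):
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        if x == "~" or y == "~":          # '~' sorts before anything, even end of string
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:                      # the string with segments left over is newer
            return -1
        if y is None:
            return 1
        if x.isdigit() != y.isdigit():     # a numeric segment beats an alphabetic one
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)          # numeric compare, so 10 > 9
        if x != y:
            return 1 if x > y else -1
    return 0

def split_nevra(nevra):
    """'name-[epoch:]version-release.arch' -> (name, epoch, version, release)."""
    nvr, _arch = nevra.rsplit(".", 1)
    name, ver, rel = nvr.rsplit("-", 2)
    epoch, _, ver = ver.rpartition(":")
    return name, int(epoch or 0), ver, rel

def is_fixed(nevra, fixed=FIXED_EVR):
    _, epoch, ver, rel = split_nevra(nevra)
    if epoch:                              # the advisory build has no epoch (0)
        return True
    fver, frel = fixed.split("-")
    return (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) >= 0

def unpatched(inventory):
    return [p for p in inventory if not is_fixed(p)]

# Constructed sample inventory (not taken from the advisory).
SAMPLE = [
    "resource-agents-4.1.1-90.el8.x86_64",          # older build
    "resource-agents-paf-4.1.1-98.el8.x86_64",      # exactly the fixed build
    "resource-agents-gcp-4.1.1-98.el8_5.2.x86_64",  # later rebuild
]
```

Feed `unpatched()` the output of `rpm -qa 'resource-agents*'` collected from each cluster node; any entry it returns predates the build listed in this advisory.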