Red Hat Enterprise Linux 8: RHSA-2020:4605-01 Low: CRLF Injection Issue

red hat

November 4, 2020

An update for resource-agents is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.
Security Fix(es):
* python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function (CVE-2020-11078)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.

Topics Covered

security advisory bug fix Red Hat Enterprise Linux low severity security impact CRLF injection resource-agents

References

https://access.redhat.com/security/cve/CVE-2020-11078 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index

Package List

Red Hat Enterprise Linux High Availability (v. 8):
Source: resource-agents-4.1.1-68.el8.src.rpm
aarch64: resource-agents-4.1.1-68.el8.aarch64.rpm resource-agents-debuginfo-4.1.1-68.el8.aarch64.rpm resource-agents-debugsource-4.1.1-68.el8.aarch64.rpm
ppc64le: resource-agents-4.1.1-68.el8.ppc64le.rpm resource-agents-debuginfo-4.1.1-68.el8.ppc64le.rpm resource-agents-debugsource-4.1.1-68.el8.ppc64le.rpm
s390x: resource-agents-4.1.1-68.el8.s390x.rpm resource-agents-debuginfo-4.1.1-68.el8.s390x.rpm resource-agents-debugsource-4.1.1-68.el8.s390x.rpm
x86_64: resource-agents-4.1.1-68.el8.x86_64.rpm resource-agents-aliyun-4.1.1-68.el8.x86_64.rpm resource-agents-aliyun-debuginfo-4.1.1-68.el8.x86_64.rpm resource-agents-debuginfo-4.1.1-68.el8.x86_64.rpm resource-agents-debugsource-4.1.1-68.el8.x86_64.rpm resource-agents-gcp-4.1.1-68.el8.x86_64.rpm
Red Hat Enterprise Linux Resilient Storage (v. 8):
Source: resource-agents-4.1.1-68.el8.src.rpm
ppc64le: resource-agents-4.1.1-68.el8.ppc64le.rpm resource-agents-debuginfo-4.1.1-68.el8.ppc64le.rpm resource-agents-debugsource-4.1.1-68.el8.ppc64le.rpm
s390x: resource-agents-4.1.1-68.el8.s390x.rpm resource-agents-debuginfo-4.1.1-68.el8.s390x.rpm resource-agents-debugsource-4.1.1-68.el8.s390x.rpm
x86_64:

Read the Full Advisory

Severity

low

Lowest

Low

Medium

High

Critical

Advisory ID: RHSA-2020:4605-01

Product: Red Hat Enterprise Linux

Advisory URL: https://access.redhat.com/errata/RHSA-2020:4605

Issue date: 2020-11-03

Topic

An update for resource-agents is now available for Red Hat Enterprise Linux8.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics Covered

security advisory bug fix Red Hat Enterprise Linux low severity security impact CRLF injection resource-agents

Relevant Releases Architectures

Red Hat Enterprise Linux High Availability (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Resilient Storage (v. 8) - ppc64le, s390x, x86_64

Bugs Fixed

1759115 - Resource agent for route53 (RHEL8)

1817432 - Make "secure" temp files (by not saving them in /tmp)

1817598 - ocf-shellfuncs: fix ocf_is_clone() (clone_max can be 0 with cloned resources)

1819021 - aws-vpc-move-ip leaves static routes

1820523 - exportfs fails to 'monitor' path that contains symlinks

1830716 - nova-evacuate is needlessly verbose

1832321 - rabbitmq start timeout is problematic

1836186 - pgsql: support to crm_mon output for Pacemaker-2.0.3

1843999 - aliyun-vpc-move-ip: log errors with command/return codes when failing, and improve debug logging

1845574 - azure-events: handle exceptions in urlopen

1845581 - nfsserver: prevent error messages when /etc/sysconfig/nfs does not exist

1845583 - exportfs: describe clientspec format in metadata

1845937 - CVE-2020-11078 python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Red Hat Enterprise Linux 8: RHSA-2020:4605-01 Low: CRLF Injection Issue

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Red Hat Enterprise Linux 8: RHSA-2020:4605-01 Low: CRLF Injection Issue

Solution

Summary

Topics Covered

References

Package List

Topic

Topics Covered

Relevant Releases Architectures

Bugs Fixed

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!