RedHat: RHSA-2020-4605:01 Low: resource-agents security and bug fix update
Summary
The resource-agents packages provide the Pacemaker and RGManager service
managers with a set of scripts. These scripts interface with several
services to allow operating in a high-availability (HA) environment.
Security Fix(es):
* python-httplib2: CRLF injection via an attacker controlled unescaped part
of uri for httplib2.Http.request function (CVE-2020-11078)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.3 Release Notes linked from the References section.
Summary
Solution
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
References
https://access.redhat.com/security/cve/CVE-2020-11078 https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/index
Package List
Red Hat Enterprise Linux High Availability (v. 8):
Source:
resource-agents-4.1.1-68.el8.src.rpm
aarch64:
resource-agents-4.1.1-68.el8.aarch64.rpm
resource-agents-debuginfo-4.1.1-68.el8.aarch64.rpm
resource-agents-debugsource-4.1.1-68.el8.aarch64.rpm
ppc64le:
resource-agents-4.1.1-68.el8.ppc64le.rpm
resource-agents-debuginfo-4.1.1-68.el8.ppc64le.rpm
resource-agents-debugsource-4.1.1-68.el8.ppc64le.rpm
s390x:
resource-agents-4.1.1-68.el8.s390x.rpm
resource-agents-debuginfo-4.1.1-68.el8.s390x.rpm
resource-agents-debugsource-4.1.1-68.el8.s390x.rpm
x86_64:
resource-agents-4.1.1-68.el8.x86_64.rpm
resource-agents-aliyun-4.1.1-68.el8.x86_64.rpm
resource-agents-aliyun-debuginfo-4.1.1-68.el8.x86_64.rpm
resource-agents-debuginfo-4.1.1-68.el8.x86_64.rpm
resource-agents-debugsource-4.1.1-68.el8.x86_64.rpm
resource-agents-gcp-4.1.1-68.el8.x86_64.rpm
Red Hat Enterprise Linux Resilient Storage (v. 8):
Source:
resource-agents-4.1.1-68.el8.src.rpm
ppc64le:
resource-agents-4.1.1-68.el8.ppc64le.rpm
resource-agents-debuginfo-4.1.1-68.el8.ppc64le.rpm
resource-agents-debugsource-4.1.1-68.el8.ppc64le.rpm
s390x:
resource-agents-4.1.1-68.el8.s390x.rpm
resource-agents-debuginfo-4.1.1-68.el8.s390x.rpm
resource-agents-debugsource-4.1.1-68.el8.s390x.rpm
x86_64:
resource-agents-4.1.1-68.el8.x86_64.rpm
resource-agents-aliyun-4.1.1-68.el8.x86_64.rpm
resource-agents-aliyun-debuginfo-4.1.1-68.el8.x86_64.rpm
resource-agents-debuginfo-4.1.1-68.el8.x86_64.rpm
resource-agents-debugsource-4.1.1-68.el8.x86_64.rpm
resource-agents-gcp-4.1.1-68.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
Topic
An update for resource-agents is now available for Red Hat Enterprise Linux8.Red Hat Product Security has rated this update as having a security impactof Low. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topic
Relevant Releases Architectures
Red Hat Enterprise Linux High Availability (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 8) - ppc64le, s390x, x86_64
Bugs Fixed
1759115 - Resource agent for route53 (RHEL8)
1817432 - Make "secure" temp files (by not saving them in /tmp)
1817598 - ocf-shellfuncs: fix ocf_is_clone() (clone_max can be 0 with cloned resources)
1819021 - aws-vpc-move-ip leaves static routes
1820523 - exportfs fails to 'monitor' path that contains symlinks
1830716 - nova-evacuate is needlessly verbose
1832321 - rabbitmq start timeout is problematic
1836186 - pgsql: support to crm_mon output for Pacemaker-2.0.3
1843999 - aliyun-vpc-move-ip: log errors with command/return codes when failing, and improve debug logging
1845574 - azure-events: handle exceptions in urlopen
1845581 - nfsserver: prevent error messages when /etc/sysconfig/nfs does not exist
1845583 - exportfs: describe clientspec format in metadata
1845937 - CVE-2020-11078 python-httplib2: CRLF injection via an attacker controlled unescaped part of uri for httplib2.Http.request function