An update for fence-agents is now available for openEuler-20.03-LTS-SP4
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-2146
Final
1.0
1.0
2024-09-20
Initial
2024-09-20
2024-09-20
openEuler SA Tool V1.0
2024-09-20
fence-agents security update
An update for fence-agents is now available for openEuler-20.03-LTS-SP4
A collection of executables to handle isolation ("fencing") of possibly misbehaving hosts by the means of remote power management, blocking network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution.
Security Fix(es):
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.(CVE-2023-52323)
An update for fence-agents is now available for openEuler-20.03-LTS-SP4.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
fence-agents
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2146
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52323
https://nvd.nist.gov/vuln/detail/CVE-2023-52323
openEuler-20.03-LTS-SP4
fence-agents-4.2.1-33.oe2003sp4.src.rpm
fence-agents-aliyun-4.2.1-33.oe2003sp4.x86_64.rpm
fence-agents-all-4.2.1-33.oe2003sp4.x86_64.rpm
fence-agents-debuginfo-4.2.1-33.oe2003sp4.x86_64.rpm
fence-agents-debugsource-4.2.1-33.oe2003sp4.x86_64.rpm
fence-agents-kdump-4.2.1-33.oe2003sp4.x86_64.rpm
fence-agents-redfish-4.2.1-33.oe2003sp4.x86_64.rpm
fence-agents-all-4.2.1-33.oe2003sp4.aarch64.rpm
fence-agents-debuginfo-4.2.1-33.oe2003sp4.aarch64.rpm
fence-agents-debugsource-4.2.1-33.oe2003sp4.aarch64.rpm
fence-agents-kdump-4.2.1-33.oe2003sp4.aarch64.rpm
fence-agents-redfish-4.2.1-33.oe2003sp4.aarch64.rpm
fence-agents-amt-ws-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-apc-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-apc-snmp-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-aws-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-bladecenter-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-brocade-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-cisco-mds-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-cisco-ucs-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-common-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-compute-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-drac5-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-eaton-snmp-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-emerson-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-eps-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-gce-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-heuristics-ping-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-hpblade-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-ibmblade-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-ifmib-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-ilo-moonshot-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-ilo-mp-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-ilo-ssh-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-ilo2-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-intelmodular-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-ipdu-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-ipmilan-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-mpath-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-rhevm-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-rsa-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-rsb-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-sbd-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-scsi-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-virsh-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-vmware-rest-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-vmware-soap-4.2.1-33.oe2003sp4.noarch.rpm
fence-agents-wti-4.2.1-33.oe2003sp4.noarch.rpm
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
2024-09-20
CVE-2023-52323
openEuler-20.03-LTS-SP4
Medium
5.9
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
fence-agents security update
2024-09-20
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2146