An update for fence-agents is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-2146 Final 1.0 1.0 2024-09-20 Initial 2024-09-20 2024-09-20 openEuler SA Tool V1.0 2024-09-20 fence-agents security update An update for fence-agents is now available for openEuler-20.03-LTS-SP4 A collection of executables to handle isolation ("fencing") of possibly misbehaving hosts by the means of remote power management, blocking network, storage, or similar. They operate through a unified interface (calling conventions) devised for the original Red Hat clustering solution. Security Fix(es): PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.(CVE-2023-52323) An update for fence-agents is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium fence-agents https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2146 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2023-52323 https://nvd.nist.gov/vuln/detail/CVE-2023-52323 openEuler-20.03-LTS-SP4 fence-agents-4.2.1-33.oe2003sp4.src.rpm fence-agents-aliyun-4.2.1-33.oe2003sp4.x86_64.rpm fence-agents-all-4.2.1-33.oe2003sp4.x86_64.rpm fence-agents-debuginfo-4.2.1-33.oe2003sp4.x86_64.rpm fence-agents-debugsource-4.2.1-33.oe2003sp4.x86_64.rpm fence-agents-kdump-4.2.1-33.oe2003sp4.x86_64.rpm fence-agents-redfish-4.2.1-33.oe2003sp4.x86_64.rpm fence-agents-all-4.2.1-33.oe2003sp4.aarch64.rpm fence-agents-debuginfo-4.2.1-33.oe2003sp4.aarch64.rpm fence-agents-debugsource-4.2.1-33.oe2003sp4.aarch64.rpm fence-agents-kdump-4.2.1-33.oe2003sp4.aarch64.rpm fence-agents-redfish-4.2.1-33.oe2003sp4.aarch64.rpm fence-agents-amt-ws-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-apc-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-apc-snmp-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-aws-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-bladecenter-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-brocade-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-cisco-mds-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-cisco-ucs-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-common-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-compute-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-drac5-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-eaton-snmp-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-emerson-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-eps-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-gce-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-heuristics-ping-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-hpblade-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-ibmblade-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-ifmib-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-ilo-moonshot-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-ilo-mp-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-ilo-ssh-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-ilo2-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-intelmodular-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-ipdu-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-ipmilan-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-mpath-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-rhevm-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-rsa-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-rsb-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-sbd-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-scsi-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-virsh-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-vmware-rest-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-vmware-soap-4.2.1-33.oe2003sp4.noarch.rpm fence-agents-wti-4.2.1-33.oe2003sp4.noarch.rpm PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. 2024-09-20 CVE-2023-52323 openEuler-20.03-LTS-SP4 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N fence-agents security update 2024-09-20 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-2146