-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3822
         resource-agents security, bug fix, and enhancement update
                             10 November 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           resource-agents
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27291 CVE-2021-20270 

Reference:         ESB-2021.2902
                   ESB-2021.0849

Original Bulletin: 
   https://access.redhat.com/errata/RHSA-2021:4139

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: resource-agents security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:4139-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4139
Issue date:        2021-11-09
CVE Names:         CVE-2021-20270 CVE-2021-27291 
=====================================================================

1. Summary:

An update for resource-agents is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HighAvailability (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux ResilientStorage (v. 8) - ppc64le, s390x, x86_64

3. Description:

The resource-agents packages provide the Pacemaker and RGManager service
managers with a set of scripts. These scripts interface with several
services so that those services can be run in a high-availability (HA)
environment.

Security Fix(es):

* python-pygments: Infinite loop in SML lexer may lead to DoS
(CVE-2021-20270)

* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1872754 - Add pgsqlms resource agent
1891883 - ethmonitor: fix to be able to use with vlan interfaces
1902045 - ocf:heartbeat:iface-vlan does not allow multiple vlans by interface nor multiple VLANs
1920698 - podman resource agent logs spurious failed resource actions
1922136 - CVE-2021-20270 python-pygments: Infinite loop in SML lexer may lead to DoS
1924363 - nfsserver: Failure to unmount /var/lib/nfs doesn't cause stop failure
1928238 - Support for other filesystems on top of crypt devices on RHEL HA (ext4/xfs)
1932863 - VirtualDomain: fix pid_status() on RHEL8
1934651 - DB2: promote fails with HADR state PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED
1939281 - aws-vpc-move-ip: Enable eni lookup for AWS shared networks via RAM [RHEL 8]
1939992 - awsvip: dont match similar IPs
1940094 - AWS agents: dont spam logs when getting token
1940603 - CVE-2021-27291 python-pygments: ReDoS in multiple lexers
1957765 - gcp-vpc-move-vip: add retries functionality to avoid failing on first failed request
1969968 - lvmlockd: Remove the option `with_cmirrord` since cmirror is incompatible with lvmlockd
1972035 - LVM-activate: Start operation always recreates drop-in file and runs systemctl daemon-reload
1972743 - resource agent bails out when podman fails to start container under heavy load

6. Package List:

Red Hat Enterprise Linux HighAvailability (v. 8):

Source:
resource-agents-4.1.1-98.el8.src.rpm

aarch64:
resource-agents-4.1.1-98.el8.aarch64.rpm
resource-agents-debuginfo-4.1.1-98.el8.aarch64.rpm
resource-agents-debugsource-4.1.1-98.el8.aarch64.rpm
resource-agents-paf-4.1.1-98.el8.aarch64.rpm

ppc64le:
resource-agents-4.1.1-98.el8.ppc64le.rpm
resource-agents-debuginfo-4.1.1-98.el8.ppc64le.rpm
resource-agents-debugsource-4.1.1-98.el8.ppc64le.rpm
resource-agents-paf-4.1.1-98.el8.ppc64le.rpm

s390x:
resource-agents-4.1.1-98.el8.s390x.rpm
resource-agents-debuginfo-4.1.1-98.el8.s390x.rpm
resource-agents-debugsource-4.1.1-98.el8.s390x.rpm
resource-agents-paf-4.1.1-98.el8.s390x.rpm

x86_64:
resource-agents-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debugsource-4.1.1-98.el8.x86_64.rpm
resource-agents-gcp-4.1.1-98.el8.x86_64.rpm
resource-agents-paf-4.1.1-98.el8.x86_64.rpm

Red Hat Enterprise Linux ResilientStorage (v. 8):

Source:
resource-agents-4.1.1-98.el8.src.rpm

ppc64le:
resource-agents-4.1.1-98.el8.ppc64le.rpm
resource-agents-debuginfo-4.1.1-98.el8.ppc64le.rpm
resource-agents-debugsource-4.1.1-98.el8.ppc64le.rpm
resource-agents-paf-4.1.1-98.el8.ppc64le.rpm

s390x:
resource-agents-4.1.1-98.el8.s390x.rpm
resource-agents-debuginfo-4.1.1-98.el8.s390x.rpm
resource-agents-debugsource-4.1.1-98.el8.s390x.rpm
resource-agents-paf-4.1.1-98.el8.s390x.rpm

x86_64:
resource-agents-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debugsource-4.1.1-98.el8.x86_64.rpm
resource-agents-gcp-4.1.1-98.el8.x86_64.rpm
resource-agents-paf-4.1.1-98.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
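Applying the update is only half the job; an auditor also wants to confirm that every host actually carries the fixed build. The script below is an added example, not Red Hat tooling: it reimplements RPM's version/release comparison (the rpmvercmp segment rules, including the `~` and `^` separators) in Python and checks a constructed `rpm -qa` inventory against the fixed version-release from section 6 of this advisory, 4.1.1-98.el8. The inventory lines, the helper names and the "patched"/"needs update" labels are all assumptions made for the example; the advisory's packages carry no epoch, so the parser handles the default `name-version-release.arch` output only.

```python
"""Added example: check an rpm -qa inventory against RHSA-2021:4139's fixed NVR."""
import re

# Packages and fixed version-release named in section 6 of the advisory.
FIXED_VERSION = "4.1.1"
FIXED_RELEASE = "98.el8"
ADVISORY_PACKAGES = {
    "resource-agents", "resource-agents-aliyun", "resource-agents-aliyun-debuginfo",
    "resource-agents-debuginfo", "resource-agents-debugsource",
    "resource-agents-gcp", "resource-agents-paf",
}

# Constructed sample of `rpm -qa` output (no epoch in the default format).
INVENTORY = """\
resource-agents-4.1.1-97.el8.x86_64
resource-agents-paf-4.1.1-98.el8.x86_64
resource-agents-gcp-4.1.1-98.el8_5.1.x86_64
resource-agents-debuginfo-4.1.1-30.el8.x86_64
bash-4.4.20-2.el8.x86_64
"""


def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings with RPM's segment rules.

    Returns 1 if a is newer, -1 if older, 0 if equal. Digit runs compare
    numerically (leading zeros ignored), letter runs lexically, a numeric
    segment beats an alphabetic one, '~' sorts before everything (pre-release)
    and '^' sorts after the base version but before any other suffix.
    """
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Skip separators; only '~' and '^' are significant.
        while i < la and not a[i].isalnum() and a[i] not in "~^":
            i += 1
        while j < lb and not b[j].isalnum() and b[j] not in "~^":
            j += 1
        ca = a[i] if i < la else ""
        cb = b[j] if j < lb else ""
        if ca == "~" or cb == "~":
            if ca != "~":
                return 1
            if cb != "~":
                return -1
            i, j = i + 1, j + 1
            continue
        if ca == "^" or cb == "^":
            if not ca:
                return -1
            if not cb:
                return 1
            if ca != "^":
                return 1
            if cb != "^":
                return -1
            i, j = i + 1, j + 1
            continue
        if not (ca and cb):
            break
        # Take a run of digits or a run of letters from both strings.
        pattern = r"\d+" if ca.isdigit() else r"[A-Za-z]+"
        isnum = ca.isdigit()
        sa = re.match(pattern, a[i:]).group(0)
        mb = re.match(pattern, b[j:])
        if mb is None:  # segments differ in type: numeric is the newer one
            return 1 if isnum else -1
        sb = mb.group(0)
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):  # more digits means a larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # whichever string has leftover segments is newer


def parse_nvra(line: str):
    """Split 'name-version-release.arch' into (name, version, release, arch)."""
    nvr, _, arch = line.strip().rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch


def check_inventory(text: str):
    """Label each advisory package in the inventory as patched or needing the update."""
    results = []
    for line in text.splitlines():
        if not line.strip():
            continue
        name, version, release, _arch = parse_nvra(line)
        if name not in ADVISORY_PACKAGES:
            continue  # not covered by this advisory
        # Version decides first; only an equal version falls through to release.
        cmp = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        results.append((line.strip(), "patched" if cmp >= 0 else "needs update"))
    return results


if __name__ == "__main__":
    for nvra, status in check_inventory(INVENTORY):
        print(f"{status:12} {nvra}")
```

On a real host, feed the script the output of `rpm -qa` and note that a later z-stream build such as the constructed `98.el8_5.1` release is correctly treated as already patched rather than flagged, which a plain string comparison would get wrong.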

7. References:

https://access.redhat.com/security/cve/CVE-2021-20270
https://access.redhat.com/security/cve/CVE-2021-27291
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----