===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3822
        resource-agents security, bug fix, and enhancement update
                              10 November 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           resource-agents
Publisher:         Red Hat
Operating System:  Red Hat
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-27291 CVE-2021-20270
Reference:         ESB-2021.2902
                   ESB-2021.0849

Original Bulletin:
   https://access.redhat.com/errata/RHSA-2021:4139

--------------------------BEGIN INCLUDED TEXT--------------------

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: resource-agents security, bug fix, and enhancement update
Advisory ID:       RHSA-2021:4139-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4139
Issue date:        2021-11-09
CVE Names:         CVE-2021-20270 CVE-2021-27291
=====================================================================

1. Summary:

An update for resource-agents is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HighAvailability (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux ResilientStorage (v. 8) - ppc64le, s390x, x86_64

3. Description:

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* python-pygments: Infinite loop in SML lexer may lead to DoS (CVE-2021-20270)
* python-pygments: ReDoS in multiple lexers (CVE-2021-27291)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1872754 - Add pgsqlms resource agent
1891883 - ethmonitor: fix to be able to use with vlan interfaces
1902045 - ocf:heartbeat:iface-vlan does not allow multiple vlans by interface nor multiple VLANs
1920698 - podman resource agent logs spurious failed resource actions
1922136 - CVE-2021-20270 python-pygments: Infinite loop in SML lexer may lead to DoS
1924363 - nfsserver: Failure to unmount /var/lib/nfs doesn't cause stop failure
1928238 - Support for other filesystems on top of crypt devices on RHEL HA (ext4/xfs)
1932863 - VirtualDomain: fix pid_status() on RHEL8
1934651 - DB2: promote fails with HADR state PRIMARY/REMOTE_CATCHUP_PENDING/CONNECTED
1939281 - aws-vpc-move-ip: Enable eni lookup for AWS shared networks via RAM [RHEL 8]
1939992 - awsvip: dont match similar IPs
1940094 - AWS agents: dont spam logs when getting token
1940603 - CVE-2021-27291 python-pygments: ReDoS in multiple lexers
1957765 - gcp-vpc-move-vip: add retries functionality to avoid failing on first failed request
1969968 - lvmlockd: Remove the option `with_cmirrord` since cmirror is incompatible with lvmlockd
1972035 - LVM-activate: Start operation always recreates drop-in file and runs systemctl daemon-reload
1972743 - resource agent bails out when podman fails to start container under heavy load

6. Package List:

Red Hat Enterprise Linux HighAvailability (v. 8):

Source:
resource-agents-4.1.1-98.el8.src.rpm

aarch64:
resource-agents-4.1.1-98.el8.aarch64.rpm
resource-agents-debuginfo-4.1.1-98.el8.aarch64.rpm
resource-agents-debugsource-4.1.1-98.el8.aarch64.rpm
resource-agents-paf-4.1.1-98.el8.aarch64.rpm

ppc64le:
resource-agents-4.1.1-98.el8.ppc64le.rpm
resource-agents-debuginfo-4.1.1-98.el8.ppc64le.rpm
resource-agents-debugsource-4.1.1-98.el8.ppc64le.rpm
resource-agents-paf-4.1.1-98.el8.ppc64le.rpm

s390x:
resource-agents-4.1.1-98.el8.s390x.rpm
resource-agents-debuginfo-4.1.1-98.el8.s390x.rpm
resource-agents-debugsource-4.1.1-98.el8.s390x.rpm
resource-agents-paf-4.1.1-98.el8.s390x.rpm

x86_64:
resource-agents-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debugsource-4.1.1-98.el8.x86_64.rpm
resource-agents-gcp-4.1.1-98.el8.x86_64.rpm
resource-agents-paf-4.1.1-98.el8.x86_64.rpm

Red Hat Enterprise Linux ResilientStorage (v. 8):

Source:
resource-agents-4.1.1-98.el8.src.rpm

ppc64le:
resource-agents-4.1.1-98.el8.ppc64le.rpm
resource-agents-debuginfo-4.1.1-98.el8.ppc64le.rpm
resource-agents-debugsource-4.1.1-98.el8.ppc64le.rpm
resource-agents-paf-4.1.1-98.el8.ppc64le.rpm

s390x:
resource-agents-4.1.1-98.el8.s390x.rpm
resource-agents-debuginfo-4.1.1-98.el8.s390x.rpm
resource-agents-debugsource-4.1.1-98.el8.s390x.rpm
resource-agents-paf-4.1.1-98.el8.s390x.rpm

x86_64:
resource-agents-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-4.1.1-98.el8.x86_64.rpm
resource-agents-aliyun-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debuginfo-4.1.1-98.el8.x86_64.rpm
resource-agents-debugsource-4.1.1-98.el8.x86_64.rpm
resource-agents-gcp-4.1.1-98.el8.x86_64.rpm
resource-agents-paf-4.1.1-98.el8.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-20270
https://access.redhat.com/security/cve/CVE-2021-27291
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
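Sections 4 and 6 fix the remediation target as the 4.1.1-98.el8 build of the resource-agents packages. The following is an added example, not part of the Red Hat or AusCERT text, that takes `rpm -qa` output and decides whether each installed resource-agents binary package is at or past that build, using librpm's segment-wise version ordering rather than a string compare (which would wrongly rank "98.el8" below "9.el8"). The covered package names and fixed version-release are taken from section 6; the sample `rpm -qa` lines are constructed.

```python
import re

# Binary packages in section 6 of RHSA-2021:4139; all come from one source RPM,
# so they share the fixed version-release 4.1.1-98.el8.
FIXED_VR = ("4.1.1", "98.el8")
FIXED_NAMES = {"resource-agents", "resource-agents-paf",
               "resource-agents-gcp", "resource-agents-aliyun"}

_SEG = re.compile(r"[0-9]+|[a-zA-Z]+")

def rpmvercmp(a: str, b: str) -> int:
    """librpm-style compare of version/release strings, returning -1, 0 or 1:
    digit runs compare numerically, letter runs lexically, digits beat letters,
    and leftover segments win. Assumption: '~' and '^' are not handled (unused here)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return 1 if int(x) > int(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer than alpha
        elif x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(nevra: str) -> bool:
    """True when the installed build is at or past the advisory's version-release.
    nevra looks like 'resource-agents-4.1.1-98.el8.x86_64' (name-version-release.arch)."""
    name, version, release = nevra.rsplit(".", 1)[0].rsplit("-", 2)
    if name not in FIXED_NAMES:
        raise ValueError(f"{name} is not covered by RHSA-2021:4139")
    c = rpmvercmp(version, FIXED_VR[0]) or rpmvercmp(release, FIXED_VR[1])
    return c >= 0

def audit(rpm_qa_output: str) -> dict:
    """Map each covered package in `rpm -qa` output to its patched status; others are skipped."""
    result = {}
    for line in rpm_qa_output.split():
        name = line.rsplit(".", 1)[0].rsplit("-", 2)[0]
        if name in FIXED_NAMES:
            result[line] = is_patched(line)
    return result

# Constructed sample `rpm -qa` output (not from the page): one lagging build, one fixed.
SAMPLE = "resource-agents-4.1.1-90.el8_4.2.x86_64\nresource-agents-paf-4.1.1-98.el8.x86_64\n"

if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE).items():
        print(f"{pkg}: {'patched' if ok else 'UPDATE NEEDED'}")
```

On a real host, pipe `rpm -qa 'resource-agents*'` into `audit()`; a False entry means the host still carries a build older than the one this advisory ships.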
--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST). On call after hours for member
                emergencies only.
===========================================================================