Security Advisory Details

NS-SA-2019-0214

2019-11-22 16:16:51

Summary

critical: fence-agents/php security update

Severity

critical

Topic

An update for fence-agents/php is now available for NewStart CGSL MAIN 5.04/CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

fence-agents: The fence-agents-ilo2 package contains a fence agent for HP iLO2 devices that are accessed via the HTTP(s) protocol.
php: The php-cli package contains the command-line interface for executing PHP scripts, /usr/bin/php, and the CGI interface.


Security Fix(es):
fence-agents: A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could prevent automated recovery or otherwise deny service to clusters of which that VM is a member. (CVE-2019-10153)
fence-agents: bugfix
php: An out-of-bounds write vulnerability was found in php-fpm. When triggered under certain configurations when running behind nginx, the flaw could manipulate the PATH_INFO value in specific ways. This could lead to memory corruption and potentially arbitrary code execution. (CVE-2019-11043)
php: bugfix


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F19.

Affected Components

  • fence-agents
  • php

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Updated Packages

{"fix":[{"product":"CGSL MAIN 5.04","pkgs":[{"binary":["fence-agents-ilo2-4.2.1-24.el7.x86_64.rpm","fence-agents-intelmodular-4.2.1-24.el7.x86_64.rpm","fence-agents-ipdu-4.2.1-24.el7.x86_64.rpm","fence-agents-ipmilan-4.2.1-24.el7.x86_64.rpm","fence-agents-kdump-4.2.1-24.el7.x86_64.rpm","fence-agents-mpath-4.2.1-24.el7.x86_64.rpm","fence-agents-redfish-4.2.1-24.el7.x86_64.rpm","fence-agents-rhevm-4.2.1-24.el7.x86_64.rpm","fence-agents-rsa-4.2.1-24.el7.x86_64.rpm","fence-agents-rsb-4.2.1-24.el7.x86_64.rpm","fence-agents-sbd-4.2.1-24.el7.x86_64.rpm","fence-agents-scsi-4.2.1-24.el7.x86_64.rpm","fence-agents-virsh-4.2.1-24.el7.x86_64.rpm","fence-agents-vmware-rest-4.2.1-24.el7.x86_64.rpm","fence-agents-vmware-soap-4.2.1-24.el7.x86_64.rpm","fence-agents-wti-4.2.1-24.el7.x86_64.rpm","fence-agents-aliyun-4.2.1-24.el7.x86_64.rpm","fence-agents-all-4.2.1-24.el7.x86_64.rpm","fence-agents-amt-ws-4.2.1-24.el7.x86_64.rpm","fence-agents-apc-4.2.1-24.el7.x86_64.rpm","fence-agents-apc-snmp-4.2.1-24.el7.x86_64.rpm","fence-agents-aws-4.2.1-24.el7.x86_64.rpm","fence-agents-azure-arm-4.2.1-24.el7.x86_64.rpm","fence-agents-bladecenter-4.2.1-24.el7.x86_64.rpm","fence-agents-brocade-4.2.1-24.el7.x86_64.rpm","fence-agents-cisco-mds-4.2.1-24.el7.x86_64.rpm","fence-agents-cisco-ucs-4.2.1-24.el7.x86_64.rpm","fence-agents-common-4.2.1-24.el7.x86_64.rpm","fence-agents-compute-4.2.1-24.el7.x86_64.rpm","fence-agents-debuginfo-4.2.1-24.el7.x86_64.rpm","fence-agents-drac5-4.2.1-24.el7.x86_64.rpm","fence-agents-eaton-snmp-4.2.1-24.el7.x86_64.rpm","fence-agents-emerson-4.2.1-24.el7.x86_64.rpm","fence-agents-eps-4.2.1-24.el7.x86_64.rpm","fence-agents-gce-4.2.1-24.el7.x86_64.rpm","fence-agents-heuristics-ping-4.2.1-24.el7.x86_64.rpm","fence-agents-hpblade-4.2.1-24.el7.x86_64.rpm","fence-agents-ibmblade-4.2.1-24.el7.x86_64.rpm","fence-agents-ifmib-4.2.1-24.el7.x86_64.rpm","fence-agents-ilo-moonshot-4.2.1-24.el7.x86_64.rpm","fence-agents-ilo-mp-4.2.1-24.el7.x86_64.rpm","fence-agents-ilo-ssh-4.2.1-24.el7.x86_64.rpm"],"source":"fence-agents-4.2.1-24.el7.src.rpm"},{"binary":["php-cli-5.4.16-46.1.el7_7.x86_64.rpm","php-common-5.4.16-46.1.el7_7.x86_64.rpm","php-dba-5.4.16-46.1.el7_7.x86_64.rpm","php-debuginfo-5.4.16-46.1.el7_7.x86_64.rpm","php-devel-5.4.16-46.1.el7_7.x86_64.rpm","php-embedded-5.4.16-46.1.el7_7.x86_64.rpm","php-enchant-5.4.16-46.1.el7_7.x86_64.rpm","php-fpm-5.4.16-46.1.el7_7.x86_64.rpm","php-gd-5.4.16-46.1.el7_7.x86_64.rpm","php-intl-5.4.16-46.1.el7_7.x86_64.rpm","php-ldap-5.4.16-46.1.el7_7.x86_64.rpm","php-mbstring-5.4.16-46.1.el7_7.x86_64.rpm","php-mysql-5.4.16-46.1.el7_7.x86_64.rpm","php-mysqlnd-5.4.16-46.1.el7_7.x86_64.rpm","php-odbc-5.4.16-46.1.el7_7.x86_64.rpm","php-pdo-5.4.16-46.1.el7_7.x86_64.rpm","php-pgsql-5.4.16-46.1.el7_7.x86_64.rpm","php-process-5.4.16-46.1.el7_7.x86_64.rpm","php-pspell-5.4.16-46.1.el7_7.x86_64.rpm","php-recode-5.4.16-46.1.el7_7.x86_64.rpm","php-snmp-5.4.16-46.1.el7_7.x86_64.rpm","php-soap-5.4.16-46.1.el7_7.x86_64.rpm","php-xml-5.4.16-46.1.el7_7.x86_64.rpm","php-xmlrpc-5.4.16-46.1.el7_7.x86_64.rpm","php-5.4.16-46.1.el7_7.x86_64.rpm","php-bcmath-5.4.16-46.1.el7_7.x86_64.rpm"],"source":"php-5.4.16-46.1.el7_7.src.rpm"}]},{"product":"CGSL CORE 5.04","pkgs":[{"binary":["fence-agents-gce-4.2.1-24.el7.x86_64.rpm","fence-agents-heuristics-ping-4.2.1-24.el7.x86_64.rpm","fence-agents-hpblade-4.2.1-24.el7.x86_64.rpm","fence-agents-ibmblade-4.2.1-24.el7.x86_64.rpm","fence-agents-ifmib-4.2.1-24.el7.x86_64.rpm","fence-agents-ilo-moonshot-4.2.1-24.el7.x86_64.rpm","fence-agents-ilo-mp-4.2.1-24.el7.x86_64.rpm","fence-agents-ilo-ssh-4.2.1-24.el7.x86_64.rpm","fence-agents-ilo2-4.2.1-24.el7.x86_64.rpm","fence-agents-intelmodular-4.2.1-24.el7.x86_64.rpm","fence-agents-ipdu-4.2.1-24.el7.x86_64.rpm","fence-agents-ipmilan-4.2.1-24.el7.x86_64.rpm","fence-agents-kdump-4.2.1-24.el7.x86_64.rpm","fence-agents-mpath-4.2.1-24.el7.x86_64.rpm","fence-agents-redfish-4.2.1-24.el7.x86_64.rpm","fence-agents-rhevm-4.2.1-24.el7.x86_64.rpm","fence-agents-rsa-4.2.1-24.el7.x86_64.rpm","fence-agents-rsb-4.2.1-24.el7.x86_64.rpm","fence-agents-sbd-4.2.1-24.el7.x86_64.rpm","fence-agents-scsi-4.2.1-24.el7.x86_64.rpm","fence-agents-virsh-4.2.1-24.el7.x86_64.rpm","fence-agents-vmware-rest-4.2.1-24.el7.x86_64.rpm","fence-agents-vmware-soap-4.2.1-24.el7.x86_64.rpm","fence-agents-wti-4.2.1-24.el7.x86_64.rpm","fence-agents-aliyun-4.2.1-24.el7.x86_64.rpm","fence-agents-all-4.2.1-24.el7.x86_64.rpm","fence-agents-amt-ws-4.2.1-24.el7.x86_64.rpm","fence-agents-apc-4.2.1-24.el7.x86_64.rpm","fence-agents-apc-snmp-4.2.1-24.el7.x86_64.rpm","fence-agents-aws-4.2.1-24.el7.x86_64.rpm","fence-agents-azure-arm-4.2.1-24.el7.x86_64.rpm","fence-agents-bladecenter-4.2.1-24.el7.x86_64.rpm","fence-agents-brocade-4.2.1-24.el7.x86_64.rpm","fence-agents-cisco-mds-4.2.1-24.el7.x86_64.rpm","fence-agents-cisco-ucs-4.2.1-24.el7.x86_64.rpm","fence-agents-common-4.2.1-24.el7.x86_64.rpm","fence-agents-compute-4.2.1-24.el7.x86_64.rpm","fence-agents-debuginfo-4.2.1-24.el7.x86_64.rpm","fence-agents-drac5-4.2.1-24.el7.x86_64.rpm","fence-agents-eaton-snmp-4.2.1-24.el7.x86_64.rpm","fence-agents-emerson-4.2.1-24.el7.x86_64.rpm","fence-agents-eps-4.2.1-24.el7.x86_64.rpm"],"source":"fence-agents-4.2.1-24.el7.src.rpm"},{"binary":["php-pgsql-5.4.16-46.1.el7_7.x86_64.rpm","php-process-5.4.16-46.1.el7_7.x86_64.rpm","php-pspell-5.4.16-46.1.el7_7.x86_64.rpm","php-recode-5.4.16-46.1.el7_7.x86_64.rpm","php-snmp-5.4.16-46.1.el7_7.x86_64.rpm","php-soap-5.4.16-46.1.el7_7.x86_64.rpm","php-xml-5.4.16-46.1.el7_7.x86_64.rpm","php-xmlrpc-5.4.16-46.1.el7_7.x86_64.rpm","php-5.4.16-46.1.el7_7.x86_64.rpm","php-bcmath-5.4.16-46.1.el7_7.x86_64.rpm","php-cli-5.4.16-46.1.el7_7.x86_64.rpm","php-common-5.4.16-46.1.el7_7.x86_64.rpm","php-dba-5.4.16-46.1.el7_7.x86_64.rpm","php-debuginfo-5.4.16-46.1.el7_7.x86_64.rpm","php-devel-5.4.16-46.1.el7_7.x86_64.rpm","php-embedded-5.4.16-46.1.el7_7.x86_64.rpm","php-enchant-5.4.16-46.1.el7_7.x86_64.rpm","php-fpm-5.4.16-46.1.el7_7.x86_64.rpm","php-gd-5.4.16-46.1.el7_7.x86_64.rpm","php-intl-5.4.16-46.1.el7_7.x86_64.rpm","php-ldap-5.4.16-46.1.el7_7.x86_64.rpm","php-mbstring-5.4.16-46.1.el7_7.x86_64.rpm","php-mysql-5.4.16-46.1.el7_7.x86_64.rpm","php-mysqlnd-5.4.16-46.1.el7_7.x86_64.rpm","php-odbc-5.4.16-46.1.el7_7.x86_64.rpm","php-pdo-5.4.16-46.1.el7_7.x86_64.rpm"],"source":"php-5.4.16-46.1.el7_7.src.rpm"}]}]}
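
The fence-agents flaw is described as affecting versions prior to 4.3.4, yet the fixed build listed here is 4.2.1-24.el7, so a host has to be checked against the advisory's own version-release pairs rather than the upstream version number. The following is an added example, not part of the original advisory or of any NewStart tooling: it applies a simplified rpm version ordering to `rpm -qa` style names and reports subpackages older than the fixed builds. The function names and the sample host listing are assumptions constructed for illustration.

```python
import re

# Fixed source builds (version, release) as listed in this advisory's package list.
FIXED = {"fence-agents": ("4.2.1", "24.el7"), "php": ("5.4.16", "46.1.el7_7")}

def rpmvercmp(a, b):
    """Simplified rpm ordering (-1/0/1); epoch, '~' and '^' are not handled."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse_nvra(nvra):
    """Split 'name-version-release.arch' as printed by `rpm -qa`."""
    nvr, _arch = nvra.rsplit(".", 1)
    return tuple(nvr.rsplit("-", 2))

def audit(installed):
    """Names of installed subpackages built before the advisory's fixed build."""
    stale = []
    for nvra in installed:
        name, ver, rel = parse_nvra(nvra)
        for src, (fver, frel) in FIXED.items():
            if name != src and not name.startswith(src + "-"):
                continue  # e.g. phpMyAdmin is not a php subpackage
            if (rpmvercmp(ver, fver), rpmvercmp(rel, frel)) < (0, 0):
                stale.append(name)
    return sorted(stale)

# Constructed sample of `rpm -qa` output (not taken from a real host).
SAMPLE = [
    "php-fpm-5.4.16-46.el7.x86_64",             # older release: needs the update
    "php-cli-5.4.16-46.1.el7_7.x86_64",         # already at the fixed build
    "fence-agents-rhevm-4.2.1-11.el7.x86_64",   # older release: needs the update
    "fence-agents-common-4.2.1-24.el7.x86_64",  # already at the fixed build
    "phpMyAdmin-4.4.15-1.el7.noarch",           # unrelated package, ignored
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A check that compared only against upstream 4.3.4 would report the patched 4.2.1-24.el7 build as vulnerable, which is why the release field is part of the comparison.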

CVE

References