Security Advisory Details

NS-SA-2021-0028

2021-03-09 14:13:21

Summary

important: fence-agents/tomcat security update

Severity

important

Topic

An update for fence-agents/tomcat is now available for NewStart CGSL MAIN 5.04 / CGSL CORE 5.04.
NewStart Security has rated this update as having a security impact of important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Detailed Description

fence-agents: The fence-agents-ilo-ssh package contains a fence agent for HP iLO devices that are accessed via SSH.
tomcat: The docs web application for Apache Tomcat.


Security Fix(es):
fence-agents: In httplib2 before version 0.18.0, an attacker controlling an unescaped part of the URI passed to `httplib2.Http.request()` could change request headers and body and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a URI constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. (CVE-2020-11078)
fence-agents: bugfix
tomcat: When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. (CVE-2019-17563)
tomcat: A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat from this vulnerability is to system availability. (CVE-2020-1935)
tomcat: The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. (CVE-2020-13935)
tomcat: bugfix
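The CVE-2020-11078 entry above contrasts URIs built by string concatenation with URIs built "properly with urllib and escaping". The following added example (not code from the advisory, fence-agents or httplib2) shows the safe construction and a guard a reviewer can place in front of any `Http.request()` call; the base URL, path segments and the hostile sample value are constructed for illustration.

```python
"""Safe URI construction for httplib2-style clients (added example).

CVE-2020-11078 arises when a caller concatenates untrusted text into the
request URI, so control characters in that text reach the HTTP layer.
Percent-encoding each component with urllib.parse removes that class of
bug; uri_is_clean() is a second, independent check before the URI is
handed to any client library.
"""
from urllib.parse import quote, urlencode, urlsplit, urlunsplit

# Characters that must never survive into an HTTP request line (constructed list).
_FORBIDDEN = ("\r", "\n", " ", "\t", "\0")


def build_uri(base, path_segments, query=None):
    """Join untrusted path segments and query parameters onto a trusted base.

    Each segment is encoded with safe="" so that '/', '?', '#' and control
    characters inside a segment cannot alter the URI structure.
    """
    scheme, netloc, base_path, _, _ = urlsplit(base)
    encoded = [quote(str(seg), safe="") for seg in path_segments]
    path = base_path.rstrip("/") + "/" + "/".join(encoded)
    qs = urlencode(query or {}, doseq=True)
    return urlunsplit((scheme, netloc, path, qs, ""))


def uri_is_clean(uri):
    """Reject any URI still carrying raw control characters or whitespace,
    i.e. one that was assembled by concatenation instead of escaping."""
    return not any(ch in uri for ch in _FORBIDDEN)


def safe_request_target(base, path_segments, query=None):
    """Return a URI that is safe to pass to Http.request(), or raise."""
    uri = build_uri(base, path_segments, query)
    if not uri_is_clean(uri):
        raise ValueError("URI contains control characters; refusing to send")
    return uri


if __name__ == "__main__":
    # Constructed sample: a device name carrying CR/LF and a space.
    hostile = "node1\r\nX-Injected: 1"
    base = "https://ilo.example.internal/redfish/v1"  # hypothetical host
    print(safe_request_target(base, ["Systems", hostile], {"q": "a b"}))
```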
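For the CVE-2020-13935 entry, the defensive property is that a WebSocket frame-length decoder either makes progress or rejects the frame, never spinning on a malformed length. This added example (not Tomcat's code; a standalone decoder written for this advisory) applies the RFC 6455 length rules and an operator-chosen payload cap; the sample frames in the test are constructed.

```python
"""RFC 6455 payload-length decoding with strict validation (added example).

decode_payload_length() returns (payload_len, header_len) for a complete,
valid frame header, returns None when more bytes are needed, and raises
FrameError for lengths a conforming endpoint must reject, so a caller can
close the connection instead of looping on bad input.
"""
import struct


class FrameError(ValueError):
    """Frame header violates RFC 6455; the connection should be closed."""


def decode_payload_length(buf, max_payload=None):
    """Decode the length fields of the frame starting at buf[0].

    Rules enforced: a 16-bit length must be >= 126, a 64-bit length must be
    >= 65536 with its most significant bit clear, and the result must not
    exceed max_payload when one is given.
    """
    if len(buf) < 2:
        return None
    masked = bool(buf[1] & 0x80)
    length = buf[1] & 0x7F
    header = 2
    if length == 126:
        if len(buf) < 4:
            return None
        length = struct.unpack("!H", buf[2:4])[0]
        header = 4
        if length < 126:
            raise FrameError("non-minimal 16-bit length")
    elif length == 127:
        if len(buf) < 10:
            return None
        length = struct.unpack("!Q", buf[2:10])[0]
        header = 10
        if length & (1 << 63):
            raise FrameError("payload length most significant bit set")
        if length < 65536:
            raise FrameError("non-minimal 64-bit length")
    if max_payload is not None and length > max_payload:
        raise FrameError("payload exceeds configured maximum")
    if masked:
        header += 4  # masking key follows the length fields
    return length, header


def frame_header_ok(buf, max_payload=None):
    """True only for a complete header that passes every check above."""
    try:
        return decode_payload_length(buf, max_payload) is not None
    except FrameError:
        return False
```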


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.04.F30B3.

Affected Components

  • fence-agents
  • tomcat

Affected Products

  • CGSL MAIN 5.04
  • CGSL CORE 5.04

Update Packages

CGSL MAIN 5.04, fence-agents (source: fence-agents-4.2.1-41.el7_9.2.src.rpm)

  • fence-agents-amt-ws-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-wti-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-kdump-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-apc-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-moonshot-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo2-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-vmware-soap-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-compute-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-drac5-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ibmblade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-all-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-vmware-rest-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-ssh-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-mp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-eaton-snmp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-aliyun-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-azure-arm-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-sbd-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-emerson-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-scsi-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-aws-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-redfish-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-virsh-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-common-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-hpblade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rsb-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-bladecenter-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-cisco-ucs-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-apc-snmp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-heuristics-ping-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-mpath-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ipdu-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ipmilan-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-lpar-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ifmib-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-intelmodular-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rhevm-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rsa-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-brocade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-eps-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-cisco-mds-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-gce-4.2.1-41.el7_9.2.x86_64.rpm

CGSL MAIN 5.04, tomcat (source: tomcat-7.0.76-16.el7_9.src.rpm)

  • tomcat-jsvc-7.0.76-16.el7_9.noarch.rpm
  • tomcat-admin-webapps-7.0.76-16.el7_9.noarch.rpm
  • tomcat-docs-webapp-7.0.76-16.el7_9.noarch.rpm
  • tomcat-jsp-2.2-api-7.0.76-16.el7_9.noarch.rpm
  • tomcat-lib-7.0.76-16.el7_9.noarch.rpm
  • tomcat-servlet-3.0-api-7.0.76-16.el7_9.noarch.rpm
  • tomcat-javadoc-7.0.76-16.el7_9.noarch.rpm
  • tomcat-webapps-7.0.76-16.el7_9.noarch.rpm
  • tomcat-7.0.76-16.el7_9.noarch.rpm
  • tomcat-el-2.2-api-7.0.76-16.el7_9.noarch.rpm

CGSL CORE 5.04, fence-agents (source: fence-agents-4.2.1-41.el7_9.2.src.rpm)

  • fence-agents-vmware-rest-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-drac5-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ifmib-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-virsh-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-apc-snmp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-mpath-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-compute-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-aws-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ipmilan-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rsa-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-eaton-snmp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-ssh-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-gce-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-hpblade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-sbd-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-amt-ws-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-mp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-brocade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-bladecenter-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rsb-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-apc-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-kdump-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-eps-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-lpar-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-vmware-soap-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-all-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-redfish-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rhevm-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-common-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-azure-arm-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-moonshot-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-intelmodular-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ipdu-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-scsi-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-wti-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ibmblade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo2-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-heuristics-ping-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-cisco-ucs-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-aliyun-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-cisco-mds-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-emerson-4.2.1-41.el7_9.2.x86_64.rpm

CGSL CORE 5.04, tomcat (source: tomcat-7.0.76-16.el7_9.src.rpm)

  • tomcat-docs-webapp-7.0.76-16.el7_9.noarch.rpm
  • tomcat-el-2.2-api-7.0.76-16.el7_9.noarch.rpm
  • tomcat-javadoc-7.0.76-16.el7_9.noarch.rpm
  • tomcat-admin-webapps-7.0.76-16.el7_9.noarch.rpm
  • tomcat-webapps-7.0.76-16.el7_9.noarch.rpm
  • tomcat-jsp-2.2-api-7.0.76-16.el7_9.noarch.rpm
  • tomcat-jsvc-7.0.76-16.el7_9.noarch.rpm
  • tomcat-7.0.76-16.el7_9.noarch.rpm
  • tomcat-lib-7.0.76-16.el7_9.noarch.rpm
  • tomcat-servlet-3.0-api-7.0.76-16.el7_9.noarch.rpm

CVE

References