Security Advisory Details

NS-SA-2021-0146

2021-09-24 11:21:19

Summary

moderate: fence-agents/libtiff security update

Severity

moderate

Topic

An update for fence-agents/libtiff is now available for NewStart CGSL MAIN 5.05/CGSL CORE 5.05.
NewStart Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

fence-agents: The fence-agents-ilo-ssh package contains a fence agent for HP iLO devices that are accessed via SSH.
libtiff: This package provides debug information for package libtiff. Debug information is useful when developing applications that use this package or when debugging this package.


Security Fix(es):
fence-agents: A flaw was found in python-httplib2. An attacker controlling an unescaped part of the URI passed to `httplib2.Http.request()` could change request headers and body, and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a URI constructed by string concatenation, as opposed to proper urllib building with escaping. (CVE-2020-11078)
fence-agents: bugfix
libtiff: _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle integer overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. (CVE-2019-14973)
libtiff: tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition. (CVE-2019-17546)
libtiff: bugfix
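
For the CVE-2020-11078 entry above, the following added example (not code from fence-agents, httplib2 or this advisory) contrasts a URI built by string concatenation with one built with urllib escaping, plus a pre-flight check that can run before any call to `httplib2.Http.request()`. The function names, the `/status/` path and the sample host are assumptions made for illustration.

```python
from urllib.parse import quote, urlencode, urlsplit

# Characters that must never appear raw in a request URI: ASCII control
# characters (including CR and LF), space, and DEL.
_FORBIDDEN = frozenset(chr(c) for c in range(0x21)) | {"\x7f"}


def build_uri_concat(base, node):
    """The pattern the advisory warns about: plain string concatenation."""
    return base + "/status/" + node


def build_uri_escaped(base, node, params=None):
    """Percent-encode every caller-supplied component before joining."""
    uri = base.rstrip("/") + "/status/" + quote(node, safe="")
    if params:
        uri += "?" + urlencode(params)
    return uri


def is_safe_request_uri(uri):
    """Pre-flight check to run before handing a URI to an HTTP client."""
    if any(ch in _FORBIDDEN for ch in uri):
        return False
    parts = urlsplit(uri)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


# Constructed sample input (hypothetical host, value carrying a raw CR LF).
SAMPLE_BASE = "https://bmc.example.invalid/api"
SAMPLE_NODE = "node1\r\nX-Constructed-Header: 1"

if __name__ == "__main__":
    for build in (build_uri_concat, build_uri_escaped):
        uri = build(SAMPLE_BASE, SAMPLE_NODE)
        verdict = "ok" if is_safe_request_uri(uri) else "REJECT"
        print(f"{build.__name__}: {uri!r} -> {verdict}")
```

The check is useful as a defence-in-depth guard on hosts where the updated package has not yet been applied, and as a grep target when auditing callers that assemble URIs by hand.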


Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 5.05.F11B5.

Affected Components

  • fence-agents
  • libtiff

Affected Products

  • CGSL MAIN 5.05
  • CGSL CORE 5.05

Updated Packages

Fixed packages for CGSL MAIN 5.05 and CGSL CORE 5.05 (the same packages are listed for both products):

Source: fence-agents-4.2.1-41.el7_9.2.src.rpm

  • fence-agents-vmware-rest-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-drac5-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ifmib-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-virsh-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-apc-snmp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-mpath-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-compute-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-aws-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ipmilan-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rsa-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-eaton-snmp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-ssh-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-gce-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-hpblade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-sbd-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-amt-ws-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-mp-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-brocade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-bladecenter-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rsb-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-apc-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-kdump-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-eps-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-lpar-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-vmware-soap-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-all-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-redfish-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-rhevm-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-common-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-azure-arm-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo-moonshot-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-intelmodular-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ipdu-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-scsi-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-wti-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ibmblade-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-ilo2-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-heuristics-ping-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-cisco-ucs-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-aliyun-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-cisco-mds-4.2.1-41.el7_9.2.x86_64.rpm
  • fence-agents-emerson-4.2.1-41.el7_9.2.x86_64.rpm

Source: libtiff-4.0.3-35.el7.src.rpm

  • libtiff-devel-4.0.3-35.el7.x86_64.rpm
  • libtiff-static-4.0.3-35.el7.x86_64.rpm
  • libtiff-4.0.3-35.el7.x86_64.rpm
  • libtiff-tools-4.0.3-35.el7.x86_64.rpm

CVE

References