Login
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in fence-agents
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in fence-agents
ID: RHSA-2024:4404
Distribution: Red Hat
Plattformen: Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6), Red Hat Enterprise Linux High Availability E4S (v.8.6)
Datum: Mi, 10. Juli 2024, 06:42
Referenzen: https://bugzilla.redhat.com/show_bug.cgi?id=2279476
https://access.redhat.com/security/cve/CVE-2024-34064
https://access.redhat.com/errata/RHSA-2024:4404
Applikationen: fence-agents

Originalnachricht

An update for fence-agents is now available for Red Hat Enterprise Linux 8.6
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

The fence-agents packages provide a collection of scripts for handling remote
power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

* jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-34064: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting') (CWE-79)
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung