drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Cross-Site Scripting in fence-agents
Name: |
Cross-Site Scripting in fence-agents |
|
ID: |
RHSA-2024:4404 |
|
Distribution: |
Red Hat |
|
Plattformen: |
Red Hat Enterprise Linux AppStream TUS (v.8.6), Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux High Availability TUS (v.8.6), Red Hat Enterprise Linux High Availability E4S (v.8.6) |
|
Datum: |
Mi, 10. Juli 2024, 06:42 |
|
Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=2279476
https://access.redhat.com/security/cve/CVE-2024-34064
https://access.redhat.com/errata/RHSA-2024:4404 |
|
Applikationen: |
fence-agents |
|
Originalnachricht |
An update for fence-agents is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.
Security Fix(es):
* jinja2: accepts keys containing non-attribute characters (CVE-2024-34064)
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2024-34064: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
|
|
|
|