{"id":"ALSA-2024:6309","summary":"Moderate: fence-agents security update","details":"The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. \n\nSecurity Fix(es):\n\n* urllib3: proxy-authorization request header is not stripped during cross-origin redirects (CVE-2024-37891)\n* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-01-30T01:12:34.324098Z","published":"2024-09-04T00:00:00Z","related":["CVE-2024-37891","CVE-2024-6345"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2024:6309"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-37891"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-6345"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2292788"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2297771"},{"type":"ADVISORY","url":"https://errata.almalinux.org/8/ALSA-2024-6309.html"}],"affected":[{"package":{"name":"fence-agents-aliyun","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-aliyun"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-all","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-all"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-amt-ws","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-amt-ws"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-apc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-apc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-apc-snmp","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-apc-snmp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-aws","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-aws"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-azure-arm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-azure-arm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-bladecenter","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-bladecenter"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-brocade","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-brocade"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-cisco-mds","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-cisco-mds"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-cisco-ucs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-cisco-ucs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-common","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-common"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-compute","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-compute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-drac5","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-drac5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-eaton-snmp","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-eaton-snmp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-emerson","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-emerson"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-eps","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-eps"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-gce","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-gce"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-heuristics-ping","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-heuristics-ping"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-hpblade","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-hpblade"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ibm-powervs","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ibm-powervs"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ibm-vpc","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ibm-vpc"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ibmblade","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ibmblade"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ifmib","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ifmib"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ilo-moonshot","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ilo-moonshot"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ilo-mp","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ilo-mp"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ilo-ssh","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ilo-ssh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ilo2","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ilo2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-intelmodular","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-intelmodular"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ipdu","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ipdu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-ipmilan","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-ipmilan"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-kdump","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-kdump"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-kubevirt","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-kubevirt"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-lpar","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-lpar"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-mpath","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-mpath"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-openstack","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-openstack"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-redfish","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-redfish"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-rhevm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-rhevm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-rsa","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-rsa"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-rsb","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-rsb"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-sbd","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-sbd"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-scsi","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-scsi"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-virsh","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-virsh"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-vmware-rest","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-vmware-rest"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-vmware-soap","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-vmware-soap"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-wti","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-wti"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}},{"package":{"name":"fence-agents-zvm","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/fence-agents-zvm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.1-129.el8_10.4"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2024:6309.json"}}],"schema_version":"1.7.3"}