Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS2-2019-1348
HistoryNov 04, 2019 - 10:16 p.m.

Medium: fence-agents

2019-11-0422:16:00
alas.aws.amazon.com
18

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

AI Score

5

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON

Issue Overview:

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM’s comment or other fields would cause fence_rhevm to exit with an exception. In cluster environments, this could lead to preventing automated recovery or otherwise denying service to clusters of which that VM is a member.(CVE-2019-10153)

Affected Packages:

fence-agents

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update fence-agents to update your system.

New Packages:

aarch64:  
    fence-agents-debuginfo-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-common-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-all-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-amt-ws-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-apc-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-apc-snmp-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-bladecenter-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-brocade-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-cisco-mds-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-cisco-ucs-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-compute-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-drac5-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-eaton-snmp-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-emerson-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-eps-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-heuristics-ping-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-hpblade-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-ibmblade-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-ifmib-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-ilo2-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-ilo-moonshot-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-ilo-mp-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-ilo-ssh-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-intelmodular-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-ipdu-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-ipmilan-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-mpath-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-kdump-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-redfish-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-rhevm-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-rsa-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-rsb-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-sbd-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-scsi-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-virsh-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-vmware-rest-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-vmware-soap-4.2.1-24.amzn2.0.3.aarch64  
    fence-agents-wti-4.2.1-24.amzn2.0.3.aarch64  
  
i686:  
    fence-agents-debuginfo-4.2.1-24.amzn2.0.3.i686  
    fence-agents-common-4.2.1-24.amzn2.0.3.i686  
    fence-agents-all-4.2.1-24.amzn2.0.3.i686  
    fence-agents-amt-ws-4.2.1-24.amzn2.0.3.i686  
    fence-agents-apc-4.2.1-24.amzn2.0.3.i686  
    fence-agents-apc-snmp-4.2.1-24.amzn2.0.3.i686  
    fence-agents-bladecenter-4.2.1-24.amzn2.0.3.i686  
    fence-agents-brocade-4.2.1-24.amzn2.0.3.i686  
    fence-agents-cisco-mds-4.2.1-24.amzn2.0.3.i686  
    fence-agents-cisco-ucs-4.2.1-24.amzn2.0.3.i686  
    fence-agents-compute-4.2.1-24.amzn2.0.3.i686  
    fence-agents-drac5-4.2.1-24.amzn2.0.3.i686  
    fence-agents-eaton-snmp-4.2.1-24.amzn2.0.3.i686  
    fence-agents-emerson-4.2.1-24.amzn2.0.3.i686  
    fence-agents-eps-4.2.1-24.amzn2.0.3.i686  
    fence-agents-heuristics-ping-4.2.1-24.amzn2.0.3.i686  
    fence-agents-hpblade-4.2.1-24.amzn2.0.3.i686  
    fence-agents-ibmblade-4.2.1-24.amzn2.0.3.i686  
    fence-agents-ifmib-4.2.1-24.amzn2.0.3.i686  
    fence-agents-ilo2-4.2.1-24.amzn2.0.3.i686  
    fence-agents-ilo-moonshot-4.2.1-24.amzn2.0.3.i686  
    fence-agents-ilo-mp-4.2.1-24.amzn2.0.3.i686  
    fence-agents-ilo-ssh-4.2.1-24.amzn2.0.3.i686  
    fence-agents-intelmodular-4.2.1-24.amzn2.0.3.i686  
    fence-agents-ipdu-4.2.1-24.amzn2.0.3.i686  
    fence-agents-ipmilan-4.2.1-24.amzn2.0.3.i686  
    fence-agents-mpath-4.2.1-24.amzn2.0.3.i686  
    fence-agents-kdump-4.2.1-24.amzn2.0.3.i686  
    fence-agents-redfish-4.2.1-24.amzn2.0.3.i686  
    fence-agents-rhevm-4.2.1-24.amzn2.0.3.i686  
    fence-agents-rsa-4.2.1-24.amzn2.0.3.i686  
    fence-agents-rsb-4.2.1-24.amzn2.0.3.i686  
    fence-agents-sbd-4.2.1-24.amzn2.0.3.i686  
    fence-agents-scsi-4.2.1-24.amzn2.0.3.i686  
    fence-agents-virsh-4.2.1-24.amzn2.0.3.i686  
    fence-agents-vmware-rest-4.2.1-24.amzn2.0.3.i686  
    fence-agents-vmware-soap-4.2.1-24.amzn2.0.3.i686  
    fence-agents-wti-4.2.1-24.amzn2.0.3.i686  
  
src:  
    fence-agents-4.2.1-24.amzn2.0.3.src  
  
x86_64:  
    fence-agents-debuginfo-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-common-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-all-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-aliyun-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-amt-ws-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-apc-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-apc-snmp-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-aws-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-bladecenter-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-brocade-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-cisco-mds-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-cisco-ucs-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-compute-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-drac5-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-eaton-snmp-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-emerson-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-eps-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-gce-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-heuristics-ping-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-hpblade-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-ibmblade-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-ifmib-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-ilo2-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-ilo-moonshot-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-ilo-mp-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-ilo-ssh-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-intelmodular-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-ipdu-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-ipmilan-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-mpath-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-kdump-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-redfish-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-rhevm-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-rsa-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-rsb-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-sbd-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-scsi-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-virsh-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-vmware-rest-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-vmware-soap-4.2.1-24.amzn2.0.3.x86_64  
    fence-agents-wti-4.2.1-24.amzn2.0.3.x86_64

Additional References

Red Hat: CVE-2019-10153

Mitre: CVE-2019-10153

OSVersionArchitecturePackageVersionFilename
Amazon Linux2aarch64fence-agents-debuginfo< 4.2.1-24.amzn2.0.3fence-agents-debuginfo-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-common< 4.2.1-24.amzn2.0.3fence-agents-common-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-all< 4.2.1-24.amzn2.0.3fence-agents-all-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-amt-ws< 4.2.1-24.amzn2.0.3fence-agents-amt-ws-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-apc< 4.2.1-24.amzn2.0.3fence-agents-apc-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-apc-snmp< 4.2.1-24.amzn2.0.3fence-agents-apc-snmp-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-bladecenter< 4.2.1-24.amzn2.0.3fence-agents-bladecenter-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-brocade< 4.2.1-24.amzn2.0.3fence-agents-brocade-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-cisco-mds< 4.2.1-24.amzn2.0.3fence-agents-cisco-mds-4.2.1-24.amzn2.0.3.aarch64.rpm
Amazon Linux2aarch64fence-agents-cisco-ucs< 4.2.1-24.amzn2.0.3fence-agents-cisco-ucs-4.2.1-24.amzn2.0.3.aarch64.rpm
Rows per page:
1-10 of 1171

Related

prion 1
openvas 6
nessus 13
suse 2
centos 1
redhatcve 1
debiancve 1
veracode 1
nvd 1
ubuntucve 1
cvelist 1
redhat 1
cve 1
mageia 1
osv 1
prion
prion
Design/Logic Flaw
2019-07-30 23:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for fence-agents (EulerOS-SA-2019-2577)
2020-01-23 00:00:00
openSUSE: Security Advisory for fence-agents (openSUSE-SU-2019:1751-1)
2020-01-09 00:00:00
Mageia: Security Advisory (MGASA-2019-0398)
2022-01-28 00:00:00
nessus
nessus
Amazon Linux 2 : fence-agents (ALAS-2019-1348)
2019-11-07 00:00:00
NewStart CGSL CORE 5.04 / MAIN 5.04 : fence-agents Vulnerability (NS-SA-2019-0214)
2019-12-02 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : fence-agents Vulnerability (NS-SA-2019-0226)
2019-12-31 00:00:00
suse
suse
Security update for fence-agents (low)
2019-07-20 00:00:00
Security update for fence-agents (low)
2019-07-19 00:00:00
centos
centos
fence security update
2019-08-30 02:47:51
redhatcve
redhatcve
CVE-2019-10153
2019-06-03 07:52:32
debiancve
debiancve
CVE-2019-10153
2019-07-30 23:15:11
veracode
veracode
Denial Of Service (DoS)
2020-12-06 04:00:14
nvd
nvd
CVE-2019-10153
2019-07-30 23:15:11
ubuntucve
ubuntucve
CVE-2019-10153
2019-07-30 00:00:00
cvelist
cvelist
CVE-2019-10153
2019-07-30 22:10:35
redhat
redhat
(RHSA-2019:2037) Moderate: fence-agents security, bug fix, and enhancement update
2019-08-06 07:53:37
cve
cve
CVE-2019-10153
2019-07-30 23:15:11
mageia
mageia
Updated fence-agents packages fix security vulnerability
2019-12-19 16:44:26
osv
osv
fence-agents-4.10.0+git.1627556580.31443c15-1.2 on GA media
2024-06-15 00:00:00

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L

AI Score

5

Confidence

High

EPSS

0.001

Percentile

47.9%

JSON
Related for ALAS2-2019-1348
prion1openvas6nessus13suse2centos1redhatcve1debiancve1veracode1nvd1ubuntucve1cvelist1redhat1cve1mageia1osv1