CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
EPSS
Percentile
76.1%
CentOS Errata and Security Advisory CESA-2020:5004
The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.
Security Fix(es):
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
gcp-vpc-move-vip: An existing alias IP range is removed when a second alias IP range is added (BZ#1846732)
sybaseASE: Resource fails to complete a probe operation without access to $sybase_home [RHEL 7] (BZ#1848673)
azure-lb: Resource fails intermittently due to nc output redirection to pidfile (BZ#1850779)
azure-events: handle exceptions in urlopen (RHEL7) (BZ#1862121)
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2020-November/085960.html
Affected packages:
resource-agents
resource-agents-aliyun
resource-agents-gcp
Upstream details at:
https://access.redhat.com/errata/RHSA-2020:5004
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | resource-agents | < 4.1.1-61.el7_9.4 | resource-agents-4.1.1-61.el7_9.4.x86_64.rpm |
CentOS | 7 | x86_64 | resource-agents-aliyun | < 4.1.1-61.el7_9.4 | resource-agents-aliyun-4.1.1-61.el7_9.4.x86_64.rpm |
CentOS | 7 | x86_64 | resource-agents-gcp | < 4.1.1-61.el7_9.4 | resource-agents-gcp-4.1.1-61.el7_9.4.x86_64.rpm |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N
EPSS
Percentile
76.1%