Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-6345 (GCVE-0-2024-6345)
Vulnerability from cvelistv5 – Published: 2024-07-15 00:00 – Updated: 2025-11-04 16:15- CWE-94 - Improper Control of Generation of Code
| Vendor | Product | Version | |
|---|---|---|---|
| pypa | pypa/setuptools |
Affected:
unspecified , < 70.0
(custom)
|
|
| python | setuptools |
Affected:
69.1.1 , < 70.0
(custom)
cpe:2.3:a:python:setuptools:69.1.1:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:python:setuptools:69.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "setuptools",
"vendor": "python",
"versions": [
{
"lessThan": "70.0",
"status": "affected",
"version": "69.1.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6345",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T13:33:16.586239Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T13:38:34.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:15:51.183Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "pypa/setuptools",
"vendor": "pypa",
"versions": [
{
"lessThan": "70.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:00:14.545Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
},
{
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
}
],
"source": {
"advisory": "d6362117-ad57-4e83-951f-b8141c6e7ca5",
"discovery": "EXTERNAL"
},
"title": "Remote Code Execution in pypa/setuptools"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-6345",
"datePublished": "2024-07-15T00:00:14.545Z",
"dateReserved": "2024-06-26T08:16:17.895Z",
"dateUpdated": "2025-11-04T16:15:51.183Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-6345",
"date": "2026-07-05",
"epss": "0.01939",
"percentile": "0.77685"
},
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en el m\\u00f3dulo package_index de las versiones de pypa/setuptools hasta 69.1.1 permite la ejecuci\\u00f3n remota de c\\u00f3digo a trav\\u00e9s de sus funciones de descarga. Estas funciones, que se utilizan para descargar paquetes desde URL proporcionadas por los usuarios o recuperadas de servidores de \\u00edndice de paquetes, son susceptibles a la inyecci\\u00f3n de c\\u00f3digo. Si estas funciones est\\u00e1n expuestas a entradas controladas por el usuario, como las URL de paquetes, pueden ejecutar comandos arbitrarios en el sistema. El problema se solucion\\u00f3 en la versi\\u00f3n 70.0.\"}]",
"id": "CVE-2024-6345",
"lastModified": "2024-11-21T09:49:28.170",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
"published": "2024-07-15T01:15:01.730",
"references": "[{\"url\": \"https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@huntr.dev",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-6345\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2024-07-15T01:15:01.730\",\"lastModified\":\"2026-06-17T08:17:49.463\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en el m\u00f3dulo package_index de las versiones de pypa/setuptools hasta 69.1.1 permite la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de sus funciones de descarga. Estas funciones, que se utilizan para descargar paquetes desde URL proporcionadas por los usuarios o recuperadas de servidores de \u00edndice de paquetes, son susceptibles a la inyecci\u00f3n de c\u00f3digo. Si estas funciones est\u00e1n expuestas a entradas controladas por el usuario, como las URL de paquetes, pueden ejecutar comandos arbitrarios en el sistema. El problema se solucion\u00f3 en la versi\u00f3n 70.0.\"}],\"affected\":[{\"source\":\"security@huntr.dev\",\"affectedData\":[{\"vendor\":\"pypa\",\"product\":\"pypa/setuptools\",\"versions\":[{\"version\":\"unspecified\",\"lessThan\":\"70.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"affectedData\":[{\"vendor\":\"python\",\"product\":\"setuptools\",\"defaultStatus\":\"unknown\",\"cpes\":[\"cpe:2.3:a:python:setuptools:69.1.1:*:*:*:*:*:*:*\"],\"versions\":[{\"version\":\"69.1.1\",\"lessThan\":\"70.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-07-15T13:33:16.586239Z\",\"id\":\"CVE-2024-6345\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"references\":[{\"url\":\"https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-04T16:15:51.183Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-6345\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-15T13:33:16.586239Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:python:setuptools:69.1.1:*:*:*:*:*:*:*\"], \"vendor\": \"python\", \"product\": \"setuptools\", \"versions\": [{\"status\": \"affected\", \"version\": \"69.1.1\", \"lessThan\": \"70.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-15T13:38:29.989Z\"}}], \"cna\": {\"title\": \"Remote Code Execution in pypa/setuptools\", \"source\": {\"advisory\": \"d6362117-ad57-4e83-951f-b8141c6e7ca5\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"pypa\", \"product\": \"pypa/setuptools\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"70.0\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5\"}, {\"url\": \"https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94 Improper Control of Generation of Code\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntr_ai\", \"dateUpdated\": \"2024-07-15T00:00:14.545Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-6345\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-04T16:15:51.183Z\", \"dateReserved\": \"2024-06-26T08:16:17.895Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2024-07-15T00:00:14.545Z\", \"assignerShortName\": \"@huntr_ai\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2024_8173
Vulnerability from csaf_redhat - Published: 2024-10-16 06:29 - Updated: 2024-12-18 05:27A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.TUS:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.TUS:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.TUS:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.6.0.Z.TUS:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for resource-agents is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.\n\nSecurity Fix(es):\n\n* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8173",
"url": "https://access.redhat.com/errata/RHSA-2024:8173"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2297771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8173.json"
}
],
"title": "Red Hat Security Advisory: resource-agents security update",
"tracking": {
"current_release_date": "2024-12-18T05:27:16+00:00",
"generator": {
"date": "2024-12-18T05:27:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:8173",
"initial_release_date": "2024-10-16T06:29:08+00:00",
"revision_history": [
{
"date": "2024-10-16T06:29:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-16T06:29:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T05:27:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.6::highavailability"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.6::highavailability"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "resource-agents-0:4.9.0-16.el8_6.14.src",
"product": {
"name": "resource-agents-0:4.9.0-16.el8_6.14.src",
"product_id": "resource-agents-0:4.9.0-16.el8_6.14.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents@4.9.0-16.el8_6.14?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "resource-agents-0:4.9.0-16.el8_6.14.ppc64le",
"product": {
"name": "resource-agents-0:4.9.0-16.el8_6.14.ppc64le",
"product_id": "resource-agents-0:4.9.0-16.el8_6.14.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents@4.9.0-16.el8_6.14?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le",
"product": {
"name": "resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le",
"product_id": "resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-paf@4.9.0-16.el8_6.14?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le",
"product": {
"name": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le",
"product_id": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debugsource@4.9.0-16.el8_6.14?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le",
"product": {
"name": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le",
"product_id": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debuginfo@4.9.0-16.el8_6.14?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"product": {
"name": "resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"product_id": "resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents@4.9.0-16.el8_6.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"product": {
"name": "resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"product_id": "resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-aliyun@4.9.0-16.el8_6.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"product": {
"name": "resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"product_id": "resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-gcp@4.9.0-16.el8_6.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"product": {
"name": "resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"product_id": "resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-paf@4.9.0-16.el8_6.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"product": {
"name": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"product_id": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debugsource@4.9.0-16.el8_6.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"product": {
"name": "resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"product_id": "resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-aliyun-debuginfo@4.9.0-16.el8_6.14?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"product": {
"name": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"product_id": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debuginfo@4.9.0-16.el8_6.14?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-16.el8_6.14.ppc64le as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.ppc64le"
},
"product_reference": "resource-agents-0:4.9.0-16.el8_6.14.ppc64le",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-16.el8_6.14.src as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.src"
},
"product_reference": "resource-agents-0:4.9.0-16.el8_6.14.src",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le"
},
"product_reference": "resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability E4S (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-16.el8_6.14.src as a component of Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.src"
},
"product_reference": "resource-agents-0:4.9.0-16.el8_6.14.src",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64 as a component of Red Hat Enterprise Linux High Availability TUS (v.8.6)",
"product_id": "HighAvailability-8.6.0.Z.TUS:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64"
},
"product_reference": "resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"relates_to_product_reference": "HighAvailability-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297771"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.src",
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.src",
"HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "RHBZ#2297771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
}
],
"release_date": "2024-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-16T06:29:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.src",
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.src",
"HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8173"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.src",
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.src",
"HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.src",
"HighAvailability-8.6.0.Z.E4S:resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.ppc64le",
"HighAvailability-8.6.0.Z.E4S:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.src",
"HighAvailability-8.6.0.Z.TUS:resource-agents-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-aliyun-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-debuginfo-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-debugsource-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-gcp-0:4.9.0-16.el8_6.14.x86_64",
"HighAvailability-8.6.0.Z.TUS:resource-agents-paf-0:4.9.0-16.el8_6.14.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
}
]
}
RHSA-2024_8179
Vulnerability from csaf_redhat - Published: 2024-10-16 12:06 - Updated: 2024-12-18 05:27A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for resource-agents is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.\n\nSecurity Fix(es):\n\n* pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools (CVE-2024-6345)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8179",
"url": "https://access.redhat.com/errata/RHSA-2024:8179"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2297771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8179.json"
}
],
"title": "Red Hat Security Advisory: resource-agents security update",
"tracking": {
"current_release_date": "2024-12-18T05:27:26+00:00",
"generator": {
"date": "2024-12-18T05:27:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:8179",
"initial_release_date": "2024-10-16T12:06:34+00:00",
"revision_history": [
{
"date": "2024-10-16T12:06:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-16T12:06:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-18T05:27:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::highavailability"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.8::resilientstorage"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "resource-agents-0:4.9.0-40.el8_8.6.src",
"product": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.src",
"product_id": "resource-agents-0:4.9.0-40.el8_8.6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents@4.9.0-40.el8_8.6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"product": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"product_id": "resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents@4.9.0-40.el8_8.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"product": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"product_id": "resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-paf@4.9.0-40.el8_8.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"product": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"product_id": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debugsource@4.9.0-40.el8_8.6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"product": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"product_id": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debuginfo@4.9.0-40.el8_8.6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"product": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"product_id": "resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents@4.9.0-40.el8_8.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"product": {
"name": "resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"product_id": "resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-aliyun@4.9.0-40.el8_8.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"product": {
"name": "resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"product_id": "resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-gcp@4.9.0-40.el8_8.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"product": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"product_id": "resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-paf@4.9.0-40.el8_8.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"product": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"product_id": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debugsource@4.9.0-40.el8_8.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"product": {
"name": "resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"product_id": "resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-aliyun-debuginfo@4.9.0-40.el8_8.6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"product": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"product_id": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debuginfo@4.9.0-40.el8_8.6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "resource-agents-0:4.9.0-40.el8_8.6.s390x",
"product": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.s390x",
"product_id": "resource-agents-0:4.9.0-40.el8_8.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents@4.9.0-40.el8_8.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"product": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"product_id": "resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-paf@4.9.0-40.el8_8.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"product": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"product_id": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debugsource@4.9.0-40.el8_8.6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"product": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"product_id": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debuginfo@4.9.0-40.el8_8.6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"product": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"product_id": "resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents@4.9.0-40.el8_8.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"product": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"product_id": "resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-paf@4.9.0-40.el8_8.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"product": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"product_id": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debugsource@4.9.0-40.el8_8.6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"product": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"product_id": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/resource-agents-debuginfo@4.9.0-40.el8_8.6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.aarch64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.ppc64le as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.s390x as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.s390x",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.src as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.src",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64"
},
"product_reference": "resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le"
},
"product_reference": "resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.s390x as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x"
},
"product_reference": "resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux High Availability EUS (v.8.8)",
"product_id": "HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "HighAvailability-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.s390x as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.s390x",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.src as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.src",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64"
},
"product_reference": "resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le"
},
"product_reference": "resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.s390x as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x"
},
"product_reference": "resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage EUS (v.8.8)",
"product_id": "ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64"
},
"product_reference": "resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"relates_to_product_reference": "ResilientStorage-8.8.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-07-15T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297771"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "RHBZ#2297771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
}
],
"release_date": "2024-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-16T12:06:34+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8179"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src",
"HighAvailability-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"HighAvailability-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.src",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-aliyun-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debuginfo-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-debugsource-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-gcp-0:4.9.0-40.el8_8.6.x86_64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.aarch64",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.ppc64le",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.s390x",
"ResilientStorage-8.8.0.Z.EUS:resource-agents-paf-0:4.9.0-40.el8_8.6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
}
]
}
RHSA-2026:33154
Vulnerability from csaf_redhat - Published: 2026-06-29 15:52 - Updated: 2026-07-03 12:13A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
Workaround
|
A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects: - In browser and non-secure, the code infinite loops on while (size--) - In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] & 63 -> undefined & 63 -> 0 - If the first call in node is a fractional argument, the initial buffer allocation fails with an error The highest impact of this issue system availability.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.
CWE-1333 - Inefficient Regular Expression Complexity| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
Workaround
|
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
Workaround
|
A flaw was found in pyjwt. The library uses weak encryption, allowing an attacker to potentially decrypt sensitive data. A network-based attacker can exploit this vulnerability without authentication, possibly resulting in a denial of service or data exposure. This weakness stems from the use of inadequate cryptographic algorithms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
Workaround
|
A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic("unreachable") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
Workaround
|
A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
Workaround
|
A vulnerability in Ceph was discovered whereby an unprivileged user could change the permissions of a directory owned by the root user, gaining access to the targeted directory. The non-privileged user can escalate privileges to root in a CephFS mounted with ceph-fuse by applying chmod 777 (read, write, and execute for all users) to any directory owned by root. This allows the user to read, write, and execute to that directory even if they were not the original owner. The vulnerability could potentially allow a user to gain unauthorized access or modify critical system data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
Workaround
|
A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — |
Workaround
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
Workaround
|
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x | — | ||
| Unresolved product id: Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A new version of Red Hat build of Ceph Storage has been released",
"title": "Topic"
},
{
"category": "general",
"text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 7.1.\nThis release updates to the latest version.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33154",
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12905",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-6345",
"url": "https://access.redhat.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13465",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-45768",
"url": "https://access.redhat.com/security/cve/CVE-2025-45768"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47913",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-50181",
"url": "https://access.redhat.com/security/cve/CVE-2025-50181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52555",
"url": "https://access.redhat.com/security/cve/CVE-2025-52555"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5889",
"url": "https://access.redhat.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59343",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
"url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33154.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ceph Storage",
"tracking": {
"current_release_date": "2026-07-03T12:13:16+00:00",
"generator": {
"date": "2026-07-03T12:13:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33154",
"initial_release_date": "2026-06-29T15:52:25+00:00",
"revision_history": [
{
"date": "2026-06-29T15:52:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T15:52:35+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-03T12:13:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 7.1",
"product": {
"name": "Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:7.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3A8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=1781855851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=1781856344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3Ada760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=1781855108"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=1781856148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3Abe5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=1781863705"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1781854814"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Afebdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=1781855851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=1781856344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=1781855108"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3A3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=1781856148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3Afe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=1781863705"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3A09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1781854814"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"product_id": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256%3Aeb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=1781855851"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=1781856344"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"product_id": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256%3A44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=1781855108"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256%3Aee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=1781856148"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"product_id": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-7-rhel9@sha256%3A57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-7-rhel9\u0026tag=1781863705"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le",
"product": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le",
"product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256%3Aeb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1781854814"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64 as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x"
},
"product_reference": "registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64 as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64"
},
"product_reference": "registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64 as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64 as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64 as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64 as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le as a component of Red Hat Ceph Storage 7.1",
"product_id": "Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
},
"product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le",
"relates_to_product_reference": "Red Hat Ceph Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-07-15T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2297771"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.\n\nPython 2.7.18 was marked End of Life on 04/20/2020. No patches for Python 2 would be made available.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "RHBZ#2297771",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345"
},
{
"category": "external",
"summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",
"url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
},
{
"category": "external",
"summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",
"url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
}
],
"release_date": "2024-07-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
},
{
"cve": "CVE-2024-12905",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-03-27T17:02:14.911888+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: link following and path traversal via maliciously crafted tar file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an important severity because it allows attackers to extract a malicious tar file that can write or overwrite files outside the intended directory. This occurs due to improper handling of link resolution and pathname limitations. The risk is high for systems that automatically extract tar files, as it can lead to data corruption or unauthorized file modifications without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "RHBZ#2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
}
],
"release_date": "2025-03-27T16:25:34.410000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: link following and path traversal via maliciously crafted tar file"
},
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nanoid. Affected versions of nanoid mishandles non-integer values. When nanoid is called with a fractional value, there were a number of undesirable effects:\n\n- In browser and non-secure, the code infinite loops on while (size--)\n- In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] \u0026 63 -\u003e undefined \u0026 63 -\u003e 0\n- If the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nThe highest impact of this issue system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2025-5889",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2025-06-09T19:00:43.176857+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2371270"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service (DoS) vulnerability has been identified in the brace-expansion JavaScript package. This issue occurs due to inefficient regular expression complexity, which can be exploited by an attacker providing specially crafted input. Such input could lead to excessive processing time and resource consumption, rendering applications that utilize this package unresponsive and causing a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: juliangruber brace-expansion index.js expand redos",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5889"
},
{
"category": "external",
"summary": "RHBZ#2371270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2371270"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5889",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5889"
},
{
"category": "external",
"summary": "https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466",
"url": "https://gist.github.com/mmmsssttt404/37a40ce7d6e5ca604858fe30814d9466"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5",
"url": "https://github.com/juliangruber/brace-expansion/pull/65/commits/a5b98a4f30d7813266b221435e1eaaf25a1b0ac5"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.311660",
"url": "https://vuldb.com/?ctiid.311660"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.311660",
"url": "https://vuldb.com/?id.311660"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.585717",
"url": "https://vuldb.com/?submit.585717"
}
],
"release_date": "2025-06-09T18:16:01.889000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "brace-expansion: juliangruber brace-expansion index.js expand redos"
},
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is only exploitable by applications using the _.unset and _.omit functions on an object and allowing user input to determine the path of the property to be removed. This issue only allows the deletion of properties but does not allow overwriting their behavior, limiting the impact to a denial of service. Due to this reason, this vulnerability has been rated with an important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is all Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity of the Grafana and the Grafana-PCP component have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not-affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "workaround",
"details": "To mitigate this issue, implement strict input validation before passing any property paths to the _.unset and _.omit functions to block attempts to access the prototype chain. Ensure that strings like __proto__, constructor and prototype are blocked, for example.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-45768",
"discovery_date": "2025-07-31T21:01:30.698283+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pyjwt. The library uses weak encryption, allowing an attacker to potentially decrypt sensitive data. A network-based attacker can exploit this vulnerability without authentication, possibly resulting in a denial of service or data exposure. This weakness stems from the use of inadequate cryptographic algorithms.",
"title": "Vulnerability description"
},
{
"category": "other",
"text": "This CVE has been disputed by the PyJWT. The developers of PyJWT confirm that this issue is not a flaw in the library\u0027s function but rather a potential risk if an application developer chooses to use weak, short cryptographic keys.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-45768"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-45768",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-45768"
}
],
"release_date": "2025-07-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pyjwt: pyjwt Weak Encryption Vulnerability"
},
{
"cve": "CVE-2025-47913",
"discovery_date": "2025-11-13T22:01:26.092452+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2414943"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSH_AGENT_SUCCESS (0x06) message to requests expecting typed replies (e.g., List, Sign). The unmarshal layer produces an unexpected message type, which the client code does not handle, leading to panic(\"unreachable\") or a nil-pointer dereference. A malicious agent or forwarded connection can exploit this to terminate the client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important because it allows any malicious or misbehaving SSH agent to force a crash in the client process using a single valid protocol byte. The panic occurs before the client has a chance to validate message structure or recover, which means an attacker controlling\u2014or intercepting\u2014SSH agent traffic can reliably terminate processes that rely on agent interactions. In environments where SSH agents operate over forwarded sockets, shared workspaces, or CI/CD runners, this turns into a reliable, unauthenticated remote denial of service against critical automation or developer tooling. The flaw also stems from unsafe assumptions in the unmarshalling logic, where unexpected but protocol-legal message types drop into \u201cunreachable\u201d code paths instead of being handled gracefully\u2014making it a design-level reliability break rather than a simple error-handling bug. For this reason, it is rated as an important availability-impacting vulnerability rather than a moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47913"
},
{
"category": "external",
"summary": "RHBZ#2414943",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47913"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-hcg3-q754-cr77",
"url": "https://github.com/advisories/GHSA-hcg3-q754-cr77"
},
{
"category": "external",
"summary": "https://go.dev/cl/700295",
"url": "https://go.dev/cl/700295"
},
{
"category": "external",
"summary": "https://go.dev/issue/75178",
"url": "https://go.dev/issue/75178"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4116",
"url": "https://pkg.go.dev/vuln/GO-2025-4116"
}
],
"release_date": "2025-11-13T21:29:39.907000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS"
},
{
"cve": "CVE-2025-50181",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2025-06-19T02:00:42.866992+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373799"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3. The `PoolManager` class allows redirects to be disabled by configuring retries in a specific manner, effectively bypassing intended HTTP redirection behavior. A network attacker can leverage this configuration to manipulate request flows and disrupt service. This bypass occurs through improper handling of retry parameters during PoolManager instantiation. This issue can reult in a denial of service or unintended data exposure due to altered request destinations.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A flaw was found in the urllib3 library where it could be tricked into disclosing the Proxy-Authorization header to a destination server when a CONNECT tunnel is used. An attacker can set up a malicious redirect to a crafted URL, which, when followed by the client application, will cause the Proxy-Authorization header to be sent to the attacker-controlled server. This leaks sensitive credentials for the proxy. The impact is primarily on confidentiality. While urllib3 is a ubiquitous component, the vulnerability requires a specific scenario where a user is connecting to a proxy that requires authentication and is redirected to a malicious endpoint. This lowers the exploitability compared to a direct, unauthenticated remote attack, thus, warranting a Moderate severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-50181"
},
{
"category": "external",
"summary": "RHBZ#2373799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50181"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857",
"url": "https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-pq67-6m6q-mj2v"
}
],
"release_date": "2025-06-19T01:08:00.340000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation"
},
{
"cve": "CVE-2025-52555",
"cwe": {
"id": "CWE-272",
"name": "Least Privilege Violation"
},
"discovery_date": "2025-06-23T21:07:48.565000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2374412"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in Ceph was discovered whereby an unprivileged user could change the permissions of a directory owned by the root user, gaining access to the targeted directory. The non-privileged user can escalate privileges to root in a CephFS mounted with ceph-fuse by applying chmod 777 (read, write, and execute for all users) to any directory owned by root. This allows the user to read, write, and execute to that directory even if they were not the original owner. The vulnerability could potentially allow a user to gain unauthorized access or modify critical system data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52555"
},
{
"category": "external",
"summary": "RHBZ#2374412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2374412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52555"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52555",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52555"
},
{
"category": "external",
"summary": "https://github.com/ceph/ceph/pull/60314",
"url": "https://github.com/ceph/ceph/pull/60314"
},
{
"category": "external",
"summary": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm",
"url": "https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm"
}
],
"release_date": "2025-06-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have any recommended mitigations at this time. Please update as patched versions become available.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "ceph: privilege escalation by unprivileged users in a ceph-fuse mounted CephFS"
},
{
"cve": "CVE-2025-59343",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-09-24T18:01:19.612438+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397901"
}
],
"notes": [
{
"category": "description",
"text": "A symlink validation bypass flaw has been discovered in the npm tar-fs library. Affected versions are vulnerable to a symlink validation bypass if the destination directory is predictable with a specific tarball.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: tar-fs symlink validation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59343"
},
{
"category": "external",
"summary": "RHBZ#2397901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59343",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59343"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59343"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09",
"url": "https://github.com/mafintosh/tar-fs/commit/0bd54cdf06da2b7b5b95cd4b062c9f4e0a8c4e09"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v",
"url": "https://github.com/mafintosh/tar-fs/security/advisories/GHSA-vj76-c3g6-qr5v"
}
],
"release_date": "2025-09-24T17:43:34.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: tar-fs symlink validation bypass"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"known_not_affected": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T15:52:25+00:00",
"details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
"product_ids": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33154"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:8bcb8976618246bc3c73f7986b7d566d9d26cda16c6043f6820f6efa2f8a3c2c_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:eb16743753a9a8d1c781d211a52e7e7ef1eb85c5d816b1328b48196a330af717_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/grafana-rhel9@sha256:febdc339e022b45a25d0956536adda36c761e71770a0d60475ea7ae4a331d898_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:3a4815d3406f797d153af4ec0f8d599981f44bb7fd98429b3ea8f935b4b96d30_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:44d1c4858b983250a223f56d1dbb4f255bb9c2ac50d0f5dbabdc62f9519789b6_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/keepalived-rhel9@sha256:da760b2fd9c2636f5b82e1d3b332f2efe0bbbbbe0624bf4c912bda10be057fe3_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:57eaf98ed402584fca1e6b804ad97fbf2287219ad617f69c96b0cd48279e7a98_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:be5cbfcebfac4d05e8b1e6c39e00a7571987d1a7efd995b4ea6333c8c0a7e812_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-7-rhel9@sha256:fe482274c22406b77c3fd4bd4822b10f0d1e94bdc7a69fa1843a2f3d85860c8a_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:14f8f48bbcbd2f61be00cf5cbe636fa13f65404732e115fdb910bbce7578c734_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:3b07124326d4fb24eabbc3127068a00a8e54873943a9e4896f276e9be1f5c8bb_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:4c30728f5f5c19a7b570bd677e3733c68dff8d661da292a304318fdc87d235c7_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3068c146d01dd9e5065d4a18158e57be1dbe88d53ecc71b44ab832f359b9537e_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:3529361e69b98fa7875f542d8e2fc90cbbc694b12b442ee354b8c008f623d2f7_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/rhceph-promtail-rhel9@sha256:ee7d1dbad6fbd2a80b00db3cd949bd6b45f17b90aec8400d79c6ee2d6dea1117_ppc64le",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:014266a322f1df6bcec437f06ff66e8dee91a2f84e6a8333b6035b0031a165b6_amd64",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:09c6b326c8582909aac8a4f782ff0ff352cc3347a26f0e282be7537dfa746853_s390x",
"Red Hat Ceph Storage 7.1:registry.redhat.io/rhceph/snmp-notifier-rhel9@sha256:eb7dcdf167e1319f218aae5bf042ad79336821e854dfaf6283b38f0b1b186734_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
}
]
}
SUSE-SU-2024:2899-1
Vulnerability from csaf_suse - Published: 2024-08-14 00:38 - Updated: 2024-08-14 00:38| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:python3-setuptools-test-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 7.1:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.1:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.2:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-test-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-setuptools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-setuptools fixes the following issues:\n\n- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2899,SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-2899,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2899,SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-2899,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2899,SUSE-SLE-Product-SLES_SAP-15-SP2-2024-2899,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2899,SUSE-SUSE-MicroOS-5.1-2024-2899,SUSE-SUSE-MicroOS-5.2-2024-2899,SUSE-Storage-7.1-2024-2899",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2899-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2899-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242899-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2899-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-August/036446.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
}
],
"title": "Security update for python-setuptools",
"tracking": {
"current_release_date": "2024-08-14T00:38:03Z",
"generator": {
"date": "2024-08-14T00:38:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2899-1",
"initial_release_date": "2024-08-14T00:38:03Z",
"revision_history": [
{
"date": "2024-08-14T00:38:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python2-setuptools-40.5.0-150100.6.9.1.noarch",
"product": {
"name": "python2-setuptools-40.5.0-150100.6.9.1.noarch",
"product_id": "python2-setuptools-40.5.0-150100.6.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"product": {
"name": "python2-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"product_id": "python2-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"product": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"product_id": "python3-setuptools-40.5.0-150100.6.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"product": {
"name": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"product_id": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"product": {
"name": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"product_id": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python2-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python2-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python2-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python2-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-test-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.5.0-150100.6.9.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:python3-setuptools-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:python3-setuptools-test-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Enterprise Storage 7.1:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Enterprise Storage 7.1:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Micro 5.1:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Enterprise Storage 7.1:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Enterprise Storage 7.1:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Micro 5.1:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Enterprise Storage 7.1:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Enterprise Storage 7.1:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Micro 5.1:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Micro 5.2:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP2-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python2-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-test-40.5.0-150100.6.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python3-setuptools-wheel-40.5.0-150100.6.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T00:38:03Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
}
]
}
SUSE-SU-2024:2900-1
Vulnerability from csaf_suse - Published: 2024-08-14 06:55 - Updated: 2024-08-14 06:55| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Containers 12:python-setuptools-40.6.2-4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python-setuptools-40.6.2-4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python3-setuptools-40.6.2-4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:python-setuptools-40.6.2-4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-setuptools-40.6.2-4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-setuptools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-setuptools fixes the following issues:\n\n- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2900,SUSE-SLE-Module-Containers-12-2024-2900,SUSE-SLE-Module-Public-Cloud-12-2024-2900,SUSE-SLE-SDK-12-SP5-2024-2900,SUSE-SLE-SERVER-12-SP5-2024-2900",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2900-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2900-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242900-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2900-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-August/036445.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
}
],
"title": "Security update for python-setuptools",
"tracking": {
"current_release_date": "2024-08-14T06:55:58Z",
"generator": {
"date": "2024-08-14T06:55:58Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2900-1",
"initial_release_date": "2024-08-14T06:55:58Z",
"revision_history": [
{
"date": "2024-08-14T06:55:58Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-setuptools-40.6.2-4.24.1.noarch",
"product": {
"name": "python-setuptools-40.6.2-4.24.1.noarch",
"product_id": "python-setuptools-40.6.2-4.24.1.noarch"
}
},
{
"category": "product_version",
"name": "python-setuptools-wheel-40.6.2-4.24.1.noarch",
"product": {
"name": "python-setuptools-wheel-40.6.2-4.24.1.noarch",
"product_id": "python-setuptools-wheel-40.6.2-4.24.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-setuptools-40.6.2-4.24.1.noarch",
"product": {
"name": "python3-setuptools-40.6.2-4.24.1.noarch",
"product_id": "python3-setuptools-40.6.2-4.24.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-setuptools-test-40.6.2-4.24.1.noarch",
"product": {
"name": "python3-setuptools-test-40.6.2-4.24.1.noarch",
"product_id": "python3-setuptools-test-40.6.2-4.24.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-setuptools-wheel-40.6.2-4.24.1.noarch",
"product": {
"name": "python3-setuptools-wheel-40.6.2-4.24.1.noarch",
"product_id": "python3-setuptools-wheel-40.6.2-4.24.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Containers 12",
"product": {
"name": "SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-containers:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-setuptools-40.6.2-4.24.1.noarch as component of SUSE Linux Enterprise Module for Containers 12",
"product_id": "SUSE Linux Enterprise Module for Containers 12:python-setuptools-40.6.2-4.24.1.noarch"
},
"product_reference": "python-setuptools-40.6.2-4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-setuptools-40.6.2-4.24.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-setuptools-40.6.2-4.24.1.noarch"
},
"product_reference": "python-setuptools-40.6.2-4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.6.2-4.24.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python3-setuptools-40.6.2-4.24.1.noarch"
},
"product_reference": "python3-setuptools-40.6.2-4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.6.2-4.24.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP5",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch"
},
"product_reference": "python3-setuptools-40.6.2-4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-setuptools-40.6.2-4.24.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python-setuptools-40.6.2-4.24.1.noarch"
},
"product_reference": "python-setuptools-40.6.2-4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.6.2-4.24.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch"
},
"product_reference": "python3-setuptools-40.6.2-4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-setuptools-40.6.2-4.24.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-setuptools-40.6.2-4.24.1.noarch"
},
"product_reference": "python-setuptools-40.6.2-4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-40.6.2-4.24.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch"
},
"product_reference": "python3-setuptools-40.6.2-4.24.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Containers 12:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Containers 12:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Containers 12:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP5:python3-setuptools-40.6.2-4.24.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T06:55:58Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
}
]
}
SUSE-SU-2024:2904-1
Vulnerability from csaf_suse - Published: 2024-08-14 07:32 - Updated: 2024-08-14 07:32| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Python 3 15 SP6:python312-setuptools-68.1.2-150600.3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python312-setuptools-68.1.2-150600.3.3.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python312-setuptools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python312-setuptools fixes the following issues:\n\n- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2904,SUSE-SLE-Module-Python3-15-SP6-2024-2904,openSUSE-SLE-15.6-2024-2904",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2904-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2904-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242904-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2904-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019192.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
}
],
"title": "Security update for python312-setuptools",
"tracking": {
"current_release_date": "2024-08-14T07:32:23Z",
"generator": {
"date": "2024-08-14T07:32:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2904-1",
"initial_release_date": "2024-08-14T07:32:23Z",
"revision_history": [
{
"date": "2024-08-14T07:32:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python312-setuptools-68.1.2-150600.3.3.1.noarch",
"product": {
"name": "python312-setuptools-68.1.2-150600.3.3.1.noarch",
"product_id": "python312-setuptools-68.1.2-150600.3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-python3:15:sp6"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-setuptools-68.1.2-150600.3.3.1.noarch as component of SUSE Linux Enterprise Module for Python 3 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Python 3 15 SP6:python312-setuptools-68.1.2-150600.3.3.1.noarch"
},
"product_reference": "python312-setuptools-68.1.2-150600.3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Python 3 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-setuptools-68.1.2-150600.3.3.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python312-setuptools-68.1.2-150600.3.3.1.noarch"
},
"product_reference": "python312-setuptools-68.1.2-150600.3.3.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-setuptools-68.1.2-150600.3.3.1.noarch",
"openSUSE Leap 15.6:python312-setuptools-68.1.2-150600.3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-setuptools-68.1.2-150600.3.3.1.noarch",
"openSUSE Leap 15.6:python312-setuptools-68.1.2-150600.3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Python 3 15 SP6:python312-setuptools-68.1.2-150600.3.3.1.noarch",
"openSUSE Leap 15.6:python312-setuptools-68.1.2-150600.3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T07:32:23Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
}
]
}
SUSE-SU-2024:2906-1
Vulnerability from csaf_suse - Published: 2024-08-14 09:04 - Updated: 2024-08-14 09:04| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 7.1:python39-setuptools-44.1.1-150300.7.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP3:python39-setuptools-44.1.1-150300.7.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python39-setuptools-44.1.1-150300.7.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python39-setuptools-44.1.1-150300.7.9.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python39-setuptools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python39-setuptools fixes the following issues:\n\n- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2906,SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-2906,SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-2906,SUSE-SLE-Product-SLES_SAP-15-SP3-2024-2906,SUSE-Storage-7.1-2024-2906,openSUSE-SLE-15.5-2024-2906,openSUSE-SLE-15.6-2024-2906",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2906-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2906-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242906-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2906-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019190.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
}
],
"title": "Security update for python39-setuptools",
"tracking": {
"current_release_date": "2024-08-14T09:04:09Z",
"generator": {
"date": "2024-08-14T09:04:09Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2906-1",
"initial_release_date": "2024-08-14T09:04:09Z",
"revision_history": [
{
"date": "2024-08-14T09:04:09Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python39-setuptools-44.1.1-150300.7.9.1.noarch",
"product": {
"name": "python39-setuptools-44.1.1-150300.7.9.1.noarch",
"product_id": "python39-setuptools-44.1.1-150300.7.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-setuptools-44.1.1-150300.7.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch"
},
"product_reference": "python39-setuptools-44.1.1-150300.7.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-setuptools-44.1.1-150300.7.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch"
},
"product_reference": "python39-setuptools-44.1.1-150300.7.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-setuptools-44.1.1-150300.7.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:python39-setuptools-44.1.1-150300.7.9.1.noarch"
},
"product_reference": "python39-setuptools-44.1.1-150300.7.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-setuptools-44.1.1-150300.7.9.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:python39-setuptools-44.1.1-150300.7.9.1.noarch"
},
"product_reference": "python39-setuptools-44.1.1-150300.7.9.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-setuptools-44.1.1-150300.7.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python39-setuptools-44.1.1-150300.7.9.1.noarch"
},
"product_reference": "python39-setuptools-44.1.1-150300.7.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python39-setuptools-44.1.1-150300.7.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python39-setuptools-44.1.1-150300.7.9.1.noarch"
},
"product_reference": "python39-setuptools-44.1.1-150300.7.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"openSUSE Leap 15.5:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"openSUSE Leap 15.6:python39-setuptools-44.1.1-150300.7.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"openSUSE Leap 15.5:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"openSUSE Leap 15.6:python39-setuptools-44.1.1-150300.7.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"openSUSE Leap 15.5:python39-setuptools-44.1.1-150300.7.9.1.noarch",
"openSUSE Leap 15.6:python39-setuptools-44.1.1-150300.7.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T09:04:09Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
}
]
}
SUSE-SU-2024:2907-1
Vulnerability from csaf_suse - Published: 2024-08-14 11:04 - Updated: 2024-08-14 11:04| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-setuptools-67.6.1-150400.4.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:python310-setuptools-67.6.1-150400.4.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python310-setuptools-67.6.1-150400.4.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python310-setuptools-67.6.1-150400.4.9.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python310-setuptools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python310-setuptools fixes the following issues:\n\n- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2907,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-2907,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-2907,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-2907,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-2907,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-2907,openSUSE-SLE-15.5-2024-2907,openSUSE-SLE-15.6-2024-2907",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2907-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2907-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242907-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2907-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019189.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
}
],
"title": "Security update for python310-setuptools",
"tracking": {
"current_release_date": "2024-08-14T11:04:06Z",
"generator": {
"date": "2024-08-14T11:04:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2907-1",
"initial_release_date": "2024-08-14T11:04:06Z",
"revision_history": [
{
"date": "2024-08-14T11:04:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python310-setuptools-67.6.1-150400.4.9.1.noarch",
"product": {
"name": "python310-setuptools-67.6.1-150400.4.9.1.noarch",
"product_id": "python310-setuptools-67.6.1-150400.4.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-setuptools-67.6.1-150400.4.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-setuptools-67.6.1-150400.4.9.1.noarch"
},
"product_reference": "python310-setuptools-67.6.1-150400.4.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-setuptools-67.6.1-150400.4.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch"
},
"product_reference": "python310-setuptools-67.6.1-150400.4.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-setuptools-67.6.1-150400.4.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch"
},
"product_reference": "python310-setuptools-67.6.1-150400.4.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-setuptools-67.6.1-150400.4.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python310-setuptools-67.6.1-150400.4.9.1.noarch"
},
"product_reference": "python310-setuptools-67.6.1-150400.4.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-setuptools-67.6.1-150400.4.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python310-setuptools-67.6.1-150400.4.9.1.noarch"
},
"product_reference": "python310-setuptools-67.6.1-150400.4.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python310-setuptools-67.6.1-150400.4.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python310-setuptools-67.6.1-150400.4.9.1.noarch"
},
"product_reference": "python310-setuptools-67.6.1-150400.4.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"openSUSE Leap 15.5:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"openSUSE Leap 15.6:python310-setuptools-67.6.1-150400.4.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"openSUSE Leap 15.5:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"openSUSE Leap 15.6:python310-setuptools-67.6.1-150400.4.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"openSUSE Leap 15.5:python310-setuptools-67.6.1-150400.4.9.1.noarch",
"openSUSE Leap 15.6:python310-setuptools-67.6.1-150400.4.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-14T11:04:06Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
}
]
}
SUSE-SU-2024:2950-1
Vulnerability from csaf_suse - Published: 2024-08-16 14:03 - Updated: 2024-08-16 14:03| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python36-setuptools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python36-setuptools fixes the following issues:\n\n- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-2950,SUSE-SLE-SERVER-12-SP5-2024-2950",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_2950-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:2950-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20242950-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:2950-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2024-August/019217.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
}
],
"title": "Security update for python36-setuptools",
"tracking": {
"current_release_date": "2024-08-16T14:03:46Z",
"generator": {
"date": "2024-08-16T14:03:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:2950-1",
"initial_release_date": "2024-08-16T14:03:46Z",
"revision_history": [
{
"date": "2024-08-16T14:03:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python36-setuptools-44.1.1-8.9.1.noarch",
"product": {
"name": "python36-setuptools-44.1.1-8.9.1.noarch",
"product_id": "python36-setuptools-44.1.1-8.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-setuptools-44.1.1-8.9.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch"
},
"product_reference": "python36-setuptools-44.1.1-8.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python36-setuptools-44.1.1-8.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch"
},
"product_reference": "python36-setuptools-44.1.1-8.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:python36-setuptools-44.1.1-8.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-16T14:03:46Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
}
]
}
SUSE-SU-2024:3054-1
Vulnerability from csaf_suse - Published: 2024-08-28 12:48 - Updated: 2024-08-28 12:48| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python3-setuptools",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python3-setuptools fixes the following issues:\n\n- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2024-3054,SUSE-SLE-Micro-5.3-2024-3054,SUSE-SLE-Micro-5.4-2024-3054,SUSE-SLE-Micro-5.5-2024-3054,SUSE-SLE-Module-Basesystem-15-SP5-2024-3054,SUSE-SLE-Module-Basesystem-15-SP6-2024-3054,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-3054,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-3054,SUSE-SLE-Product-SLED-15-SP4-LTSS-2024-3054,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-3054,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-3054,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-3054,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-3054,openSUSE-Leap-Micro-5.5-2024-3054,openSUSE-SLE-15.5-2024-3054,openSUSE-SLE-15.6-2024-3054",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_3054-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2024:3054-1",
"url": "https://www.suse.com/support/update/announcement/2024/suse-su-20243054-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2024:3054-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2024-August/036709.html"
},
{
"category": "self",
"summary": "SUSE Bug 1228105",
"url": "https://bugzilla.suse.com/1228105"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-6345 page",
"url": "https://www.suse.com/security/cve/CVE-2024-6345/"
}
],
"title": "Security update for python3-setuptools",
"tracking": {
"current_release_date": "2024-08-28T12:48:45Z",
"generator": {
"date": "2024-08-28T12:48:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2024:3054-1",
"initial_release_date": "2024-08-28T12:48:45Z",
"revision_history": [
{
"date": "2024-08-28T12:48:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"product": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"product_id": "python3-setuptools-44.1.1-150400.9.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"product": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"product_id": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"product": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"product_id": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp6"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.3"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap Micro 5.5",
"product": {
"name": "openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.6"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP6",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of SUSE Manager Proxy 4.3",
"product_id": "SUSE Manager Proxy 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of SUSE Manager Server 4.3",
"product_id": "SUSE Manager Server 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of openSUSE Leap Micro 5.5",
"product_id": "openSUSE Leap Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-44.1.1-150400.9.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python3-setuptools-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch as component of openSUSE Leap 15.6",
"product_id": "openSUSE Leap 15.6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch"
},
"product_reference": "python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-6345"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-6345",
"url": "https://www.suse.com/security/cve/CVE-2024-6345"
},
{
"category": "external",
"summary": "SUSE Bug 1228105 for CVE-2024-6345",
"url": "https://bugzilla.suse.com/1228105"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.4:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server 15 SP4-LTSS:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Proxy 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"SUSE Manager Server 4.3:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.5:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-test-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap 15.6:python3-setuptools-wheel-44.1.1-150400.9.9.1.noarch",
"openSUSE Leap Micro 5.5:python3-setuptools-44.1.1-150400.9.9.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-08-28T12:48:45Z",
"details": "important"
}
],
"title": "CVE-2024-6345"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.