[ClusterLabs] CVE-2020-11078 vulnerable to resource-agents module
Oyvind Albrigtsen
oalbrigt at redhat.com
Tue Feb 2 08:23:31 EST 2021
There is no fix for this in the agents, so you just need to check that
you're using httplib2 v0.18.0 or later, or that your distros httplib2
package changelog mentions that the CVE has been fixed to ensure you
wont be vulnerable.
https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
Oyvind
On 01/02/21 12:54 +0000, S Sathish S wrote:
>Hi Team,
>
>Any update on below query.
>
>Thanks and Regards,
>S Sathish S
>From: S Sathish S
>Sent: Wednesday, January 27, 2021 3:33 PM
>To: 'users at clusterlabs.org' <users at clusterlabs.org>
>Subject: CVE-2020-11078 vulnerable to resource-agents module
>
>Hi Team,
>
>We need to know whether CVE-2020-11078 vulnerable to resource-agents module, kindly confirm on this.
>
>https://github.com/ClusterLabs/resource-agents --> 3.9.5
>
>
>Thanks and Regards,
>S Sathish S
>_______________________________________________
>Manage your subscription:
>https://lists.clusterlabs.org/mailman/listinfo/users
>
>ClusterLabs home: https://www.clusterlabs.org/
More information about the Users
mailing list