Anolis OS update for fence-agents
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-56201 CVE-2024-56326 |
| CWE-ID | CWE-254 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
Anolis OS Operating systems & Components / Operating system fence-agents-wti Operating systems & Components / Operating system package or component fence-agents-vmware-soap Operating systems & Components / Operating system package or component fence-agents-vmware-rest Operating systems & Components / Operating system package or component fence-agents-virsh Operating systems & Components / Operating system package or component fence-agents-scsi Operating systems & Components / Operating system package or component fence-agents-sbd Operating systems & Components / Operating system package or component fence-agents-rsb Operating systems & Components / Operating system package or component fence-agents-rsa Operating systems & Components / Operating system package or component fence-agents-rhevm Operating systems & Components / Operating system package or component fence-agents-mpath Operating systems & Components / Operating system package or component fence-agents-lpar Operating systems & Components / Operating system package or component fence-agents-ipmilan Operating systems & Components / Operating system package or component fence-agents-ipdu Operating systems & Components / Operating system package or component fence-agents-intelmodular Operating systems & Components / Operating system package or component fence-agents-ilo2 Operating systems & Components / Operating system package or component fence-agents-ilo-ssh Operating systems & Components / Operating system package or component fence-agents-ilo-mp Operating systems & Components / Operating system package or component fence-agents-ilo-moonshot Operating systems & Components / Operating system package or component fence-agents-ifmib Operating systems & Components / Operating system package or component fence-agents-ibmblade Operating systems & Components / Operating system package or component fence-agents-ibm-vpc Operating systems & Components / Operating system package or component fence-agents-ibm-powervs Operating systems & Components / Operating system package or component fence-agents-hpblade Operating systems & Components / Operating system package or component fence-agents-heuristics-ping Operating systems & Components / Operating system package or component fence-agents-eps Operating systems & Components / Operating system package or component fence-agents-emerson Operating systems & Components / Operating system package or component fence-agents-eaton-snmp Operating systems & Components / Operating system package or component fence-agents-drac5 Operating systems & Components / Operating system package or component fence-agents-common Operating systems & Components / Operating system package or component fence-agents-cisco-ucs Operating systems & Components / Operating system package or component fence-agents-cisco-mds Operating systems & Components / Operating system package or component fence-agents-brocade Operating systems & Components / Operating system package or component fence-agents-bladecenter Operating systems & Components / Operating system package or component fence-agents-apc-snmp Operating systems & Components / Operating system package or component fence-agents-apc Operating systems & Components / Operating system package or component fence-agents-amt-ws Operating systems & Components / Operating system package or component ha-cloud-support Operating systems & Components / Operating system package or component fence-virtd-tcp Operating systems & Components / Operating system package or component fence-virtd-serial Operating systems & Components / Operating system package or component fence-virtd-multicast Operating systems & Components / Operating system package or component fence-virtd-libvirt Operating systems & Components / Operating system package or component fence-virtd-cpg Operating systems & Components / Operating system package or component fence-virtd Operating systems & Components / Operating system package or component fence-virt Operating systems & Components / Operating system package or component fence-agents-gce Operating systems & Components / Operating system package or component fence-agents-azure-arm Operating systems & Components / Operating system package or component fence-agents-aws Operating systems & Components / Operating system package or component fence-agents-aliyun Operating systems & Components / Operating system package or component fence-agents-redfish Operating systems & Components / Operating system package or component fence-agents-kubevirt Operating systems & Components / Operating system package or component fence-agents-kdump Operating systems & Components / Operating system package or component fence-agents-all Operating systems & Components / Operating system package or component |
| Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Security features bypass
EUVDB-ID: #VU101971
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56201
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass sandbox restrictions.
The vulnerability exists due to improper validation of user-supplied input. A local user with the ability to control both the filename and the contents of a template can bypass sandbox restrictions.
Install updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
fence-agents-wti: before 4.10.0-76.0.1
fence-agents-vmware-soap: before 4.10.0-76.0.1
fence-agents-vmware-rest: before 4.10.0-76.0.1
fence-agents-virsh: before 4.10.0-76.0.1
fence-agents-scsi: before 4.10.0-76.0.1
fence-agents-sbd: before 4.10.0-76.0.1
fence-agents-rsb: before 4.10.0-76.0.1
fence-agents-rsa: before 4.10.0-76.0.1
fence-agents-rhevm: before 4.10.0-76.0.1
fence-agents-mpath: before 4.10.0-76.0.1
fence-agents-lpar: before 4.10.0-76.0.1
fence-agents-ipmilan: before 4.10.0-76.0.1
fence-agents-ipdu: before 4.10.0-76.0.1
fence-agents-intelmodular: before 4.10.0-76.0.1
fence-agents-ilo2: before 4.10.0-76.0.1
fence-agents-ilo-ssh: before 4.10.0-76.0.1
fence-agents-ilo-mp: before 4.10.0-76.0.1
fence-agents-ilo-moonshot: before 4.10.0-76.0.1
fence-agents-ifmib: before 4.10.0-76.0.1
fence-agents-ibmblade: before 4.10.0-76.0.1
fence-agents-ibm-vpc: before 4.10.0-76.0.1
fence-agents-ibm-powervs: before 4.10.0-76.0.1
fence-agents-hpblade: before 4.10.0-76.0.1
fence-agents-heuristics-ping: before 4.10.0-76.0.1
fence-agents-eps: before 4.10.0-76.0.1
fence-agents-emerson: before 4.10.0-76.0.1
fence-agents-eaton-snmp: before 4.10.0-76.0.1
fence-agents-drac5: before 4.10.0-76.0.1
fence-agents-common: before 4.10.0-76.0.1
fence-agents-cisco-ucs: before 4.10.0-76.0.1
fence-agents-cisco-mds: before 4.10.0-76.0.1
fence-agents-brocade: before 4.10.0-76.0.1
fence-agents-bladecenter: before 4.10.0-76.0.1
fence-agents-apc-snmp: before 4.10.0-76.0.1
fence-agents-apc: before 4.10.0-76.0.1
fence-agents-amt-ws: before 4.10.0-76.0.1
ha-cloud-support: before 4.10.0-76.0.1
fence-virtd-tcp: before 4.10.0-76.0.1
fence-virtd-serial: before 4.10.0-76.0.1
fence-virtd-multicast: before 4.10.0-76.0.1
fence-virtd-libvirt: before 4.10.0-76.0.1
fence-virtd-cpg: before 4.10.0-76.0.1
fence-virtd: before 4.10.0-76.0.1
fence-virt: before 4.10.0-76.0.1
fence-agents-gce: before 4.10.0-76.0.1
fence-agents-azure-arm: before 4.10.0-76.0.1
fence-agents-aws: before 4.10.0-76.0.1
fence-agents-aliyun: before 4.10.0-76.0.1
fence-agents-redfish: before 4.10.0-76.0.1
fence-agents-kubevirt: before 4.10.0-76.0.1
fence-agents-kdump: before 4.10.0-76.0.1
fence-agents-all: before 4.10.0-76.0.1
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:fence-agents-wti:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-vmware-soap:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-vmware-rest:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-virsh:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-scsi:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-sbd:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rsb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rsa:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rhevm:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-mpath:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-lpar:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ipmilan:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ipdu:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-intelmodular:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo2:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-ssh:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-mp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-moonshot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ifmib:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibmblade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibm-vpc:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibm-powervs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-hpblade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-heuristics-ping:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-eps:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-emerson:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-eaton-snmp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-drac5:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-common:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-cisco-ucs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-cisco-mds:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-brocade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-bladecenter:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-apc-snmp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-apc:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-amt-ws:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:ha-cloud-support:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-tcp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-serial:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-multicast:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-libvirt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-cpg:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-gce:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-azure-arm:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-aws:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-aliyun:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-redfish:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-kubevirt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-kdump:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-all:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0041
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security features bypass
EUVDB-ID: #VU101972
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-56326
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass sandbox restrictions.
The vulnerability exists in the way the Jinja sandboxed environment detects calls to str.format. A local user with the ability to control the contents of a template can bypass sandbox restrictions. MitigationInstall updates from vendor's repository.
Vulnerable software versionsAnolis OS: 8
fence-agents-wti: before 4.10.0-76.0.1
fence-agents-vmware-soap: before 4.10.0-76.0.1
fence-agents-vmware-rest: before 4.10.0-76.0.1
fence-agents-virsh: before 4.10.0-76.0.1
fence-agents-scsi: before 4.10.0-76.0.1
fence-agents-sbd: before 4.10.0-76.0.1
fence-agents-rsb: before 4.10.0-76.0.1
fence-agents-rsa: before 4.10.0-76.0.1
fence-agents-rhevm: before 4.10.0-76.0.1
fence-agents-mpath: before 4.10.0-76.0.1
fence-agents-lpar: before 4.10.0-76.0.1
fence-agents-ipmilan: before 4.10.0-76.0.1
fence-agents-ipdu: before 4.10.0-76.0.1
fence-agents-intelmodular: before 4.10.0-76.0.1
fence-agents-ilo2: before 4.10.0-76.0.1
fence-agents-ilo-ssh: before 4.10.0-76.0.1
fence-agents-ilo-mp: before 4.10.0-76.0.1
fence-agents-ilo-moonshot: before 4.10.0-76.0.1
fence-agents-ifmib: before 4.10.0-76.0.1
fence-agents-ibmblade: before 4.10.0-76.0.1
fence-agents-ibm-vpc: before 4.10.0-76.0.1
fence-agents-ibm-powervs: before 4.10.0-76.0.1
fence-agents-hpblade: before 4.10.0-76.0.1
fence-agents-heuristics-ping: before 4.10.0-76.0.1
fence-agents-eps: before 4.10.0-76.0.1
fence-agents-emerson: before 4.10.0-76.0.1
fence-agents-eaton-snmp: before 4.10.0-76.0.1
fence-agents-drac5: before 4.10.0-76.0.1
fence-agents-common: before 4.10.0-76.0.1
fence-agents-cisco-ucs: before 4.10.0-76.0.1
fence-agents-cisco-mds: before 4.10.0-76.0.1
fence-agents-brocade: before 4.10.0-76.0.1
fence-agents-bladecenter: before 4.10.0-76.0.1
fence-agents-apc-snmp: before 4.10.0-76.0.1
fence-agents-apc: before 4.10.0-76.0.1
fence-agents-amt-ws: before 4.10.0-76.0.1
ha-cloud-support: before 4.10.0-76.0.1
fence-virtd-tcp: before 4.10.0-76.0.1
fence-virtd-serial: before 4.10.0-76.0.1
fence-virtd-multicast: before 4.10.0-76.0.1
fence-virtd-libvirt: before 4.10.0-76.0.1
fence-virtd-cpg: before 4.10.0-76.0.1
fence-virtd: before 4.10.0-76.0.1
fence-virt: before 4.10.0-76.0.1
fence-agents-gce: before 4.10.0-76.0.1
fence-agents-azure-arm: before 4.10.0-76.0.1
fence-agents-aws: before 4.10.0-76.0.1
fence-agents-aliyun: before 4.10.0-76.0.1
fence-agents-redfish: before 4.10.0-76.0.1
fence-agents-kubevirt: before 4.10.0-76.0.1
fence-agents-kdump: before 4.10.0-76.0.1
fence-agents-all: before 4.10.0-76.0.1
CPE2.3- cpe:2.3:o:openanolis:anolis_os:8:*:*:*:*:*:*:*
- cpe:2.3:o:openanolis:fence-agents-wti:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-vmware-soap:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-vmware-rest:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-virsh:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-scsi:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-sbd:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rsb:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rsa:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-rhevm:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-mpath:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-lpar:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ipmilan:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ipdu:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-intelmodular:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo2:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-ssh:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-mp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ilo-moonshot:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ifmib:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibmblade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibm-vpc:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-ibm-powervs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-hpblade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-heuristics-ping:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-eps:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-emerson:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-eaton-snmp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-drac5:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-common:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-cisco-ucs:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-cisco-mds:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-brocade:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-bladecenter:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-apc-snmp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-apc:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-amt-ws:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:ha-cloud-support:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-tcp:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-serial:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-multicast:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-libvirt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd-cpg:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virtd:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-virt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-gce:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-azure-arm:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-aws:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-aliyun:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-redfish:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-kubevirt:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-kdump:*:*:*:*:*:anolis_os:*:*
- cpe:2.3:o:openanolis:fence-agents-all:*:*:*:*:*:anolis_os:*:*
https://anas.openanolis.cn/errata/detail/ANSA-2025:0041
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
