Anolis OS update for fence-agents



Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2024-56201, CVE-2024-56326
CWE-ID: CWE-254
Exploitation vector: Local
Public exploit: N/A
Vulnerable software
Anolis OS
Operating systems & Components / Operating system

fence-agents-wti
Operating systems & Components / Operating system package or component

fence-agents-vmware-soap
Operating systems & Components / Operating system package or component

fence-agents-vmware-rest
Operating systems & Components / Operating system package or component

fence-agents-virsh
Operating systems & Components / Operating system package or component

fence-agents-scsi
Operating systems & Components / Operating system package or component

fence-agents-sbd
Operating systems & Components / Operating system package or component

fence-agents-rsb
Operating systems & Components / Operating system package or component

fence-agents-rsa
Operating systems & Components / Operating system package or component

fence-agents-rhevm
Operating systems & Components / Operating system package or component

fence-agents-mpath
Operating systems & Components / Operating system package or component

fence-agents-lpar
Operating systems & Components / Operating system package or component

fence-agents-ipmilan
Operating systems & Components / Operating system package or component

fence-agents-ipdu
Operating systems & Components / Operating system package or component

fence-agents-intelmodular
Operating systems & Components / Operating system package or component

fence-agents-ilo2
Operating systems & Components / Operating system package or component

fence-agents-ilo-ssh
Operating systems & Components / Operating system package or component

fence-agents-ilo-mp
Operating systems & Components / Operating system package or component

fence-agents-ilo-moonshot
Operating systems & Components / Operating system package or component

fence-agents-ifmib
Operating systems & Components / Operating system package or component

fence-agents-ibmblade
Operating systems & Components / Operating system package or component

fence-agents-ibm-vpc
Operating systems & Components / Operating system package or component

fence-agents-ibm-powervs
Operating systems & Components / Operating system package or component

fence-agents-hpblade
Operating systems & Components / Operating system package or component

fence-agents-heuristics-ping
Operating systems & Components / Operating system package or component

fence-agents-eps
Operating systems & Components / Operating system package or component

fence-agents-emerson
Operating systems & Components / Operating system package or component

fence-agents-eaton-snmp
Operating systems & Components / Operating system package or component

fence-agents-drac5
Operating systems & Components / Operating system package or component

fence-agents-common
Operating systems & Components / Operating system package or component

fence-agents-cisco-ucs
Operating systems & Components / Operating system package or component

fence-agents-cisco-mds
Operating systems & Components / Operating system package or component

fence-agents-brocade
Operating systems & Components / Operating system package or component

fence-agents-bladecenter
Operating systems & Components / Operating system package or component

fence-agents-apc-snmp
Operating systems & Components / Operating system package or component

fence-agents-apc
Operating systems & Components / Operating system package or component

fence-agents-amt-ws
Operating systems & Components / Operating system package or component

ha-cloud-support
Operating systems & Components / Operating system package or component

fence-virtd-tcp
Operating systems & Components / Operating system package or component

fence-virtd-serial
Operating systems & Components / Operating system package or component

fence-virtd-multicast
Operating systems & Components / Operating system package or component

fence-virtd-libvirt
Operating systems & Components / Operating system package or component

fence-virtd-cpg
Operating systems & Components / Operating system package or component

fence-virtd
Operating systems & Components / Operating system package or component

fence-virt
Operating systems & Components / Operating system package or component

fence-agents-gce
Operating systems & Components / Operating system package or component

fence-agents-azure-arm
Operating systems & Components / Operating system package or component

fence-agents-aws
Operating systems & Components / Operating system package or component

fence-agents-aliyun
Operating systems & Components / Operating system package or component

fence-agents-redfish
Operating systems & Components / Operating system package or component

fence-agents-kubevirt
Operating systems & Components / Operating system package or component

fence-agents-kdump
Operating systems & Components / Operating system package or component

fence-agents-all
Operating systems & Components / Operating system package or component

Vendor: OpenAnolis

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU101971

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56201

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to bypass sandbox restrictions.

The vulnerability exists due to improper validation of user-supplied input. A local user with the ability to control both the filename and the contents of a template can bypass sandbox restrictions.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

fence-agents-wti: before 4.10.0-76.0.1

fence-agents-vmware-soap: before 4.10.0-76.0.1

fence-agents-vmware-rest: before 4.10.0-76.0.1

fence-agents-virsh: before 4.10.0-76.0.1

fence-agents-scsi: before 4.10.0-76.0.1

fence-agents-sbd: before 4.10.0-76.0.1

fence-agents-rsb: before 4.10.0-76.0.1

fence-agents-rsa: before 4.10.0-76.0.1

fence-agents-rhevm: before 4.10.0-76.0.1

fence-agents-mpath: before 4.10.0-76.0.1

fence-agents-lpar: before 4.10.0-76.0.1

fence-agents-ipmilan: before 4.10.0-76.0.1

fence-agents-ipdu: before 4.10.0-76.0.1

fence-agents-intelmodular: before 4.10.0-76.0.1

fence-agents-ilo2: before 4.10.0-76.0.1

fence-agents-ilo-ssh: before 4.10.0-76.0.1

fence-agents-ilo-mp: before 4.10.0-76.0.1

fence-agents-ilo-moonshot: before 4.10.0-76.0.1

fence-agents-ifmib: before 4.10.0-76.0.1

fence-agents-ibmblade: before 4.10.0-76.0.1

fence-agents-ibm-vpc: before 4.10.0-76.0.1

fence-agents-ibm-powervs: before 4.10.0-76.0.1

fence-agents-hpblade: before 4.10.0-76.0.1

fence-agents-heuristics-ping: before 4.10.0-76.0.1

fence-agents-eps: before 4.10.0-76.0.1

fence-agents-emerson: before 4.10.0-76.0.1

fence-agents-eaton-snmp: before 4.10.0-76.0.1

fence-agents-drac5: before 4.10.0-76.0.1

fence-agents-common: before 4.10.0-76.0.1

fence-agents-cisco-ucs: before 4.10.0-76.0.1

fence-agents-cisco-mds: before 4.10.0-76.0.1

fence-agents-brocade: before 4.10.0-76.0.1

fence-agents-bladecenter: before 4.10.0-76.0.1

fence-agents-apc-snmp: before 4.10.0-76.0.1

fence-agents-apc: before 4.10.0-76.0.1

fence-agents-amt-ws: before 4.10.0-76.0.1

ha-cloud-support: before 4.10.0-76.0.1

fence-virtd-tcp: before 4.10.0-76.0.1

fence-virtd-serial: before 4.10.0-76.0.1

fence-virtd-multicast: before 4.10.0-76.0.1

fence-virtd-libvirt: before 4.10.0-76.0.1

fence-virtd-cpg: before 4.10.0-76.0.1

fence-virtd: before 4.10.0-76.0.1

fence-virt: before 4.10.0-76.0.1

fence-agents-gce: before 4.10.0-76.0.1

fence-agents-azure-arm: before 4.10.0-76.0.1

fence-agents-aws: before 4.10.0-76.0.1

fence-agents-aliyun: before 4.10.0-76.0.1

fence-agents-redfish: before 4.10.0-76.0.1

fence-agents-kubevirt: before 4.10.0-76.0.1

fence-agents-kdump: before 4.10.0-76.0.1

fence-agents-all: before 4.10.0-76.0.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0041


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security features bypass

EUVDB-ID: #VU101972

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-56326

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to bypass sandbox restrictions.

The vulnerability exists in the way the Jinja sandboxed environment detects calls to str.format. A local user with the ability to control the contents of a template can bypass sandbox restrictions.

Mitigation

Install updates from vendor's repository.

Vulnerable software versions

Anolis OS: 8

fence-agents-wti: before 4.10.0-76.0.1

fence-agents-vmware-soap: before 4.10.0-76.0.1

fence-agents-vmware-rest: before 4.10.0-76.0.1

fence-agents-virsh: before 4.10.0-76.0.1

fence-agents-scsi: before 4.10.0-76.0.1

fence-agents-sbd: before 4.10.0-76.0.1

fence-agents-rsb: before 4.10.0-76.0.1

fence-agents-rsa: before 4.10.0-76.0.1

fence-agents-rhevm: before 4.10.0-76.0.1

fence-agents-mpath: before 4.10.0-76.0.1

fence-agents-lpar: before 4.10.0-76.0.1

fence-agents-ipmilan: before 4.10.0-76.0.1

fence-agents-ipdu: before 4.10.0-76.0.1

fence-agents-intelmodular: before 4.10.0-76.0.1

fence-agents-ilo2: before 4.10.0-76.0.1

fence-agents-ilo-ssh: before 4.10.0-76.0.1

fence-agents-ilo-mp: before 4.10.0-76.0.1

fence-agents-ilo-moonshot: before 4.10.0-76.0.1

fence-agents-ifmib: before 4.10.0-76.0.1

fence-agents-ibmblade: before 4.10.0-76.0.1

fence-agents-ibm-vpc: before 4.10.0-76.0.1

fence-agents-ibm-powervs: before 4.10.0-76.0.1

fence-agents-hpblade: before 4.10.0-76.0.1

fence-agents-heuristics-ping: before 4.10.0-76.0.1

fence-agents-eps: before 4.10.0-76.0.1

fence-agents-emerson: before 4.10.0-76.0.1

fence-agents-eaton-snmp: before 4.10.0-76.0.1

fence-agents-drac5: before 4.10.0-76.0.1

fence-agents-common: before 4.10.0-76.0.1

fence-agents-cisco-ucs: before 4.10.0-76.0.1

fence-agents-cisco-mds: before 4.10.0-76.0.1

fence-agents-brocade: before 4.10.0-76.0.1

fence-agents-bladecenter: before 4.10.0-76.0.1

fence-agents-apc-snmp: before 4.10.0-76.0.1

fence-agents-apc: before 4.10.0-76.0.1

fence-agents-amt-ws: before 4.10.0-76.0.1

ha-cloud-support: before 4.10.0-76.0.1

fence-virtd-tcp: before 4.10.0-76.0.1

fence-virtd-serial: before 4.10.0-76.0.1

fence-virtd-multicast: before 4.10.0-76.0.1

fence-virtd-libvirt: before 4.10.0-76.0.1

fence-virtd-cpg: before 4.10.0-76.0.1

fence-virtd: before 4.10.0-76.0.1

fence-virt: before 4.10.0-76.0.1

fence-agents-gce: before 4.10.0-76.0.1

fence-agents-azure-arm: before 4.10.0-76.0.1

fence-agents-aws: before 4.10.0-76.0.1

fence-agents-aliyun: before 4.10.0-76.0.1

fence-agents-redfish: before 4.10.0-76.0.1

fence-agents-kubevirt: before 4.10.0-76.0.1

fence-agents-kdump: before 4.10.0-76.0.1

fence-agents-all: before 4.10.0-76.0.1

External links

https://anas.openanolis.cn/errata/detail/ANSA-2025:0041


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


