Python-eventlet: patch regression for cve-2021-21419 in some red hat builds
CVE-2023-5625

7.5HIGH

Key Information:

Vendor
Red Hat
Status
Ironic Content For Red Hat Openshift Container Platform 4.12
Red Hat Openstack Platform 17.1 For Rhel 8
Red Hat Openstack Platform 17.1 For Rhel 9
Vendor
CVE Published:
1 November 2023

Summary

A regression has been identified in the Red Hat build of python-eventlet. This issue arose from a modification in the patch application strategy, leading to the failure of a critical patch for CVE-2021-21419 to be applied across all builds of Red Hat products. Consequently, users may be exposed to vulnerabilities stemming from this oversight, impacting the security and stability of affected systems.

Affected Version(s)

Ironic content for Red Hat OpenShift Container Platform 4.12 0:0.30.2-4.el9

Red Hat OpenStack Platform 17.1 for RHEL 8 0:0.30.2-4.el8ost

Red Hat OpenStack Platform 17.1 for RHEL 9 0:0.30.2-4.el9ost

References

https://access.redhat.com/errata/RHSA-2023:6128
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0188
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0213
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.