Python-eventlet: patch regression for cve-2021-21419 in some red hat builds
CVE-2023-5625

7.5HIGH

Key Information:

Vendor: Red Hat
Status: Ironic Content For Red Hat Openshift Container Platform 4.12; Red Hat Openstack Platform 17.1 For Rhel 8; Red Hat Openstack Platform 17.1 For Rhel 9
Vendor: CVE Published:; 1 November 2023

🔔 Create Red Hat Vulnerability Alert

What is CVE-2023-5625?

A regression has been identified in the Red Hat build of python-eventlet. This issue arose from a modification in the patch application strategy, leading to the failure of a critical patch for CVE-2021-21419 to be applied across all builds of Red Hat products. Consequently, users may be exposed to vulnerabilities stemming from this oversight, impacting the security and stability of affected systems.

Affected Version(s)

Ironic content for Red Hat OpenShift Container Platform 4.12 0:0.30.2-4.el9

Red Hat OpenStack Platform 17.1 for RHEL 8 0:0.30.2-4.el8ost

Red Hat OpenStack Platform 17.1 for RHEL 9 0:0.30.2-4.el9ost

References

https://access.redhat.com/errata/RHSA-2023:6128

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0188

vendor-advisoryx_refsource_REDHAT

https://access.redhat.com/errata/RHSA-2024:0213

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 1, 2023
Vulnerability Reserved
Oct 17, 2023

.

CVE-2023-5625 : Python-eventlet: patch regression for cve-2021-21419 in some red hat builds