CVE-2023-5625: Python-eventlet: patch regression for cve-2021-21419 in some red hat builds
First published: Tue Oct 17 2023(Updated: )
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for <a href="https://access.redhat.com/security/cve/CVE-2021-21419">CVE-2021-21419</a> not being applied for all builds of all products.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Redhat Openshift Container Platform For Arm64 | =4.12 | |
| Redhat Openshift Container Platform For Linuxone | =4.12 | |
| Redhat Openshift Container Platform For Power | =4.12 | |
| Redhat Openshift Container Platform Ibm Z Systems | =4.12 | |
| Any of | ||
| Redhat Enterprise Linux | =8.0 | |
| Redhat Enterprise Linux | =9.0 | |
| Redhat Openstack Platform | =17.1 | |
| redhat/python-eventlet | <0.30.2-3.el8 | 0.30.2-3.el8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-5625?
CVE-2023-5625 is a vulnerability in the Red Hat build of python-eventlet that resulted in a patch for CVE-2021-21419 not being applied for all builds of all products.
What is the severity of CVE-2023-5625?
The severity of CVE-2023-5625 is high with a severity value of 7.5.
What software is affected by CVE-2023-5625?
CVE-2023-5625 affects Red Hat Enterprise Linux 8.0 and 9.0, Red Hat OpenStack Platform 17.1, Red Hat OpenShift Container Platform for ARM64 4.12, Red Hat OpenShift Container Platform for LinuxONE 4.12, Red Hat OpenShift Container Platform for Power 4.12, and Red Hat OpenShift Container Platform IBM Z Systems 4.12.
How can I fix CVE-2023-5625?
To fix CVE-2023-5625, you should update the python-eventlet package to version 0.30.2-3.el8 if using Red Hat Enterprise Linux 8.0, or follow the patch update instructions provided by Red Hat for other affected products.
Where can I find more information about CVE-2023-5625?
You can find more information about CVE-2023-5625 on the Red Hat website at https://access.redhat.com/security/cve/CVE-2023-5625.
- agent/author
- agent/description
- agent/epss
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/epss-latest
- source/FIRST
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-5625
- vendor/redhat
- canonical/redhat openshift container platform for arm64
- version/redhat openshift container platform for arm64/4.12
- canonical/redhat openshift container platform for linuxone
- version/redhat openshift container platform for linuxone/4.12
- canonical/redhat openshift container platform for power
- version/redhat openshift container platform for power/4.12
- canonical/redhat openshift container platform ibm z systems
- version/redhat openshift container platform ibm z systems/4.12
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- version/redhat enterprise linux/9.0
- canonical/redhat openstack platform
- version/redhat openstack platform/17.1
- package-manager/redhat