First published: Tue Oct 17 2023
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for [CVE-2021-21419](https://access.redhat.com/security/cve/CVE-2021-21419) not being applied for all builds of all products.
Credit: secalert@redhat.com
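Affected Software | Affected Version | How to fix |
---|---|---|
redhat/python-eventlet | <0.30.2-3.el8 | 0.30.2-3.el8 |
All of | | |
Any of | | |
Red Hat OpenShift Container Platform for ARM64 | =4.12 | |
Red Hat OpenShift Container Platform for LinuxONE | =4.12 | |
Red Hat OpenShift Container Platform for Power | =4.12 | |
Red Hat OpenShift Container Platform IBM Z Systems | =4.12 | |
Any of | | |
Red Hat Enterprise Linux | =8.0 | |
Red Hat Enterprise Linux | =9.0 | |
Red Hat OpenStack Platform | =17.1 | |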
CVE-2023-5625 is a vulnerability in the Red Hat build of python-eventlet that resulted in a patch for CVE-2021-21419 not being applied for all builds of all products.
The severity of CVE-2023-5625 is high with a severity value of 7.5.
CVE-2023-5625 affects Red Hat Enterprise Linux 8.0 and 9.0, Red Hat OpenStack Platform 17.1, Red Hat OpenShift Container Platform for ARM64 4.12, Red Hat OpenShift Container Platform for LinuxONE 4.12, Red Hat OpenShift Container Platform for Power 4.12, and Red Hat OpenShift Container Platform IBM Z Systems 4.12.
To fix CVE-2023-5625, you should update the python-eventlet package to version 0.30.2-3.el8 if using Red Hat Enterprise Linux 8.0, or follow the patch update instructions provided by Red Hat for other affected products.
You can find more information about CVE-2023-5625 on the Red Hat website at https://access.redhat.com/security/cve/CVE-2023-5625.