IBM Cloud Infrastructure Center 1.2.3 Interim Fix 01

Content

Following new capabilities are added

•  Utilities to support volumes migration from one PBHA enabled flash storage to another without any downtime.
• Below security fixes has been included in this fix.

sqlparse: CVE-2024-4340

• Title: sqlparse: Denial of Service (DoS) vulnerability
• Summary: sqlparse versions prior to 0.4.4 are vulnerable to a recursion error triggered by a heavily nested list in sqlparse.parse(), which can lead to a denial of service. 
• Link: https://access.redhat.com/security/cve/cve-2024-4340

WebOb: CVE-2024-42353

• Title: WebOb: Accept header parsing vulnerability
• Summary: Certain Accept header values can cause WebOb versions prior to 1.8.8 to mishandle requests, leading to potential security issues.
• Link: https://access.redhat.com/security/cve/cve-2024-42353

Jinja2: CVE-2024-56326, CVE-2024-56201

• Title: Jinja2: Template injection vulnerabilities
• Summary: Jinja2 versions earlier than 3.1.2 are susceptible to template injection, allowing remote code execution.
• Link: https://access.redhat.com/security/cve/cve-2024-56326, https://access.redhat.com/security/cve/cve-2024-56201

zipp: CVE-2024-5569

• Title: zipp: Arbitrary file overwrite via crafted zip files
• Summary: zipp versions before 3.8.1 allow attackers to overwrite arbitrary files through crafted zip files.
• Link: https://access.redhat.com/security/cve/CVE-2024-5569

Prerequisite

 Both source and destination Flash storage should support Policy based high availability (PBHA).

Installation

 Download the package from Fix Central and extract it. Follow the instructions in the readme file in the installation package.