Red Hat Security Advisory: resource-agents security update
A security update for the resource-agents packages in Red Hat Enterprise Linux 8. 8 addresses a remote code execution vulnerability (CVE-2024-6345) in the pypa/setuptools package_index module. The resource-agents provide scripts for high-availability service managers like Pacemaker and RGManager. This vulnerability could allow remote code execution via download functions. Red Hat has issued an important security advisory and provides updated packages to remediate this issue.
AI Analysis
Technical Summary
The resource-agents packages in Red Hat Enterprise Linux 8.8 contain scripts used by Pacemaker and RGManager for high-availability environments. A remote code execution vulnerability (CVE-2024-6345) exists in the pypa/setuptools package_index module, which is used by these packages. This vulnerability allows an attacker to execute arbitrary code remotely via certain download functions. Red Hat has released updated resource-agents packages to fix this issue, as detailed in advisory RHSA-2024:8179.
Potential Impact
The vulnerability allows remote code execution, which could lead to an attacker executing arbitrary code on affected systems running vulnerable versions of resource-agents. This impacts systems using Red Hat Enterprise Linux 8.8 High Availability and Resilient Storage Extended Update Support versions. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated resource-agents packages that address CVE-2024-6345. Users should apply the security update as described in Red Hat advisory RHSA-2024:8179 and the referenced article https://access.redhat.com/articles/11258 to remediate this vulnerability. Patch status is confirmed as available and official fixes have been issued. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: resource-agents security update
Description
A security update for the resource-agents packages in Red Hat Enterprise Linux 8. 8 addresses a remote code execution vulnerability (CVE-2024-6345) in the pypa/setuptools package_index module. The resource-agents provide scripts for high-availability service managers like Pacemaker and RGManager. This vulnerability could allow remote code execution via download functions. Red Hat has issued an important security advisory and provides updated packages to remediate this issue.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The resource-agents packages in Red Hat Enterprise Linux 8.8 contain scripts used by Pacemaker and RGManager for high-availability environments. A remote code execution vulnerability (CVE-2024-6345) exists in the pypa/setuptools package_index module, which is used by these packages. This vulnerability allows an attacker to execute arbitrary code remotely via certain download functions. Red Hat has released updated resource-agents packages to fix this issue, as detailed in advisory RHSA-2024:8179.
Potential Impact
The vulnerability allows remote code execution, which could lead to an attacker executing arbitrary code on affected systems running vulnerable versions of resource-agents. This impacts systems using Red Hat Enterprise Linux 8.8 High Availability and Resilient Storage Extended Update Support versions. No known exploits in the wild have been reported at this time.
Mitigation Recommendations
Red Hat has released updated resource-agents packages that address CVE-2024-6345. Users should apply the security update as described in Red Hat advisory RHSA-2024:8179 and the referenced article https://access.redhat.com/articles/11258 to remediate this vulnerability. Patch status is confirmed as available and official fixes have been issued. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:8179
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4e82e29bf47b5007c9c6
Added to database: 6/2/2026, 9:43:30 PM
Last enriched: 6/2/2026, 9:45:00 PM
Last updated: 6/3/2026, 5:08:07 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.