pcs-0.10.10-4.el8.ML.1
Errata ID: AXSA:2021-2867:05
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
The following packages have been upgraded to a later upstream version: pcs (0.10.10).
Security Fix(es):
* jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces (CVE-2020-7656)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
Updated to the version 0.10.10-4
CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Update packages.
SRPMS
- pcs-0.10.10-4.el8.ML.1.src.rpm
MD5: b0796526dd1a1e4f8dfc1ad393425af1
SHA-256: a7ba3dce6457bdbe29bd53e0602d16509e9e5c7fcf9224120b0589a5897287bc
Size: 76.72 MB
Asianux Server 8 for x86_64
- pcs-0.10.10-4.el8.ML.1.x86_64.rpm
MD5: 7d2e148313b1815dd88c891fa71eef09
SHA-256: 5ffa9e51355691445def70ad489f8f4af90083b869bdf3733fdfda1f9dd3541a
Size: 11.50 MB
- pcs-snmp-0.10.10-4.el8.ML.1.x86_64.rpm
MD5: 0257b6042210ee873d8083a41e531182
SHA-256: 71a97423839c243b98c94c92b9451d77028819979ac042badf862dc9ce9e441f
Size: 71.53 kB