pcs-0.10.12-6.el8.1.ML.1
Errata ID: AXSA:2022-3740:04
Release date:
Friday, August 26, 2022 - 03:28
Subject:
pcs-0.10.12-6.el8.1.ML.1
Affected Channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-29970
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Solution:
Update packages.
CVEs:
CVE-2022-29970
Additional Info:
N/A
Download:
SRPMS
- pcs-0.10.12-6.el8.1.ML.1.src.rpm
MD5: 03ede4fb28baf2934ba9f1c0b2b24fbf
SHA-256: c0e2a1a34ed8fc4a25cf282fd81e83f88814a0ea8f742a48388d6f4c502b7ffd
Size: 73.42 MB
Asianux Server 8 for x86_64
- pcs-0.10.12-6.el8.1.ML.1.x86_64.rpm
MD5: a3aba3365b429bffa8d34c1981f304fa
SHA-256: 9f6ba4a46d5398a44b742da18ee078bf73f6d7a6fbb6ad5b2775f9987c8b484d
Size: 9.66 MB
- pcs-snmp-0.10.12-6.el8.1.ML.1.x86_64.rpm
MD5: ff8743dbea1f5f82f44f59cc4c99be4e
SHA-256: 893e7901396827d7f4881b5f25f8733b63250eb8002bf7fc87018da9c673e0f4
Size: 73.19 kB