pcs-0.11.1-10.el9.1.ML.1
エラータID: AXSA:2022-4107:07
Release date:
Friday, December 16, 2022 - 13:22
Subject:
pcs-0.11.1-10.el9.1.ML.1
Affected Channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-29970
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Solution:
Update packages.
CVEs:
CVE-2022-29970
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Additional Info:
N/A
Download:
SRPMS
- pcs-0.11.1-10.el9.1.ML.1.src.rpm
MD5: a8a745e2357f85321b12bbb8dcd9d8cb
SHA-256: 438cddcfaad20bcb4f4536c6b0672f21de5f3084aee5ade84f5fc950fc980044
Size: 72.41 MB
Asianux Server 9 for x86_64
- pcs-0.11.1-10.el9.1.ML.1.x86_64.rpm
MD5: 9ee4b00b52dbc48b0e06358f0ec14b78
SHA-256: 9cad74a976c49572dd07e81fdeaff803856a7447ed7dc88f2f2a3b02ee93bea3
Size: 7.96 MB - pcs-snmp-0.11.1-10.el9.1.ML.1.x86_64.rpm
MD5: 8038255227adbc1d5d0b4926ed8002f8
SHA-256: 04a9af29752bbea0a5c5aa5214a45a22605112b1bde9350a143948eae7824d88
Size: 58.85 kB
日本語