pcs-0.10.14-5.el8.ML.1

エラータID: AXSA:2022-4465:08

Release date: 
Tuesday, December 20, 2022 - 10:37
Subject: 
pcs-0.10.14-5.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: improper authentication via PAM (CVE-2022-1049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 8.7 Release Notes linked from the References section.

CVE-2022-1049
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.

Solution: 

Update packages.

CVEs: 
CVE-2022-1049
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login.
Additional Info: 

N/A

Download: 

SRPMS
  1. pcs-0.10.14-5.el8.ML.1.src.rpm
    MD5: 78378f211a07dd75a478bcc1ab6f1a89
    SHA-256: 753c1d12305ebe1b77c305f95e07e3f34bc9a3845bbba524853a2defc08b7b69
    Size: 70.61 MB

Asianux Server 8 for x86_64
  1. pcs-0.10.14-5.el8.ML.1.x86_64.rpm
    MD5: ffd72312a6cb1f9645203d604985b53e
    SHA-256: 531f4a205c0461b9638cc812b759c3c1b58c5d1587c6faa15b63301b41e35985
    Size: 10.08 MB
  2. pcs-snmp-0.10.14-5.el8.ML.1.x86_64.rpm
    MD5: 51319eed1e932fc5aa08a92c5a28cb11
    SHA-256: 7cea3dcfa7f5877da2120da44c3ca76b56ca9889c036d3b197106e5e015af1e5
    Size: 75.56 kB