pcs-0.10.15-4.el8.1.ML.1

エラータID: AXSA:2023-6169:12

Release date: 
Thursday, June 29, 2023 - 02:52
Subject: 
pcs-0.10.15-4.el8.1.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)
* rubygem-rack: denial of service in header parsing (CVE-2023-27539)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints (BZ#2180700)
* Need a way to add a scsi fencing device to a cluster without requiring a restart of all cluster resources (BZ#2180706)

CVE-2023-27530
A DoS vulnerability exists in Rack

Solution: 

Update packages.

CVEs: 
CVE-2023-27530
A DoS vulnerability exists in Rack
CVE-2023-27539
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. pcs-0.10.15-4.el8.1.ML.1.src.rpm
    MD5: 51304a361fcefed18f9ae582a5eb322e
    SHA-256: ae8da0e917961e9b4a45647ad3afe9fcd6a0199f2cf7a502ab101bb4b4468b6d
    Size: 70.68 MB

Asianux Server 8 for x86_64
  1. pcs-0.10.15-4.el8.1.ML.1.x86_64.rpm
    MD5: 75adeec52bc71fe944bf19a3af58c34d
    SHA-256: fc169179c4876849ead2bfcb061e9cfa603bcb7865085c7f057636aaf4c8a4fd
    Size: 10.12 MB
  2. pcs-snmp-0.10.15-4.el8.1.ML.1.x86_64.rpm
    MD5: 3b559ed689bca9cb3886224f26319c7d
    SHA-256: 6f5ccdba9472de915c8615d14a1d03f058a7affae9fea063a70e33587025e844
    Size: 77.53 kB