pcs-0.10.18-2.el8_10.1.ML.1

エラータID: AXSA:2024-8703:04

Release date: 
Monday, August 26, 2024 - 11:07
Subject: 
pcs-0.10.18-2.el8_10.1.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* REXML: DoS parsing an XML with many `<`s in an attribute value (CVE-2024-35176)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.

Solution: 

Update packages.

CVEs: 
CVE-2024-35176
REXML is an XML toolkit for Ruby. The REXML gem before 3.2.6 has a denial of service vulnerability when it parses an XML that has many `<`s in an attribute value. Those who need to parse untrusted XMLs may be impacted to this vulnerability. The REXML gem 3.2.7 or later include the patch to fix this vulnerability. As a workaround, don't parse untrusted XMLs.
Additional Info: 

N/A

Download: 

SRPMS
  1. pcs-0.10.18-2.el8_10.1.ML.1.src.rpm
    MD5: fc3bea4ab473d18a0bc1eb39ea75f234
    SHA-256: b68d6ca3c81ed0e15b16337dc9f1f69450b6d990e1c4d21e22871d9c3b08b436
    Size: 5.16 MB

Asianux Server 8 for x86_64
  1. pcs-0.10.18-2.el8_10.1.ML.1.x86_64.rpm
    MD5: 0decfab7d27ab1bdce52b84fc91a1cac
    SHA-256: abff704ab92ead1d94b4d5d5b09a2eb9b60f38481ff7d459942d5a8278bc39a5
    Size: 4.11 MB
  2. pcs-snmp-0.10.18-2.el8_10.1.ML.1.x86_64.rpm
    MD5: 3839db1c36de7179142a8e60dd4dd687
    SHA-256: d42d91c0772bfcf47f2ef9441eeb96501fa4aff1750a4dcfdf246c4b75316506
    Size: 80.73 kB