pcs-0.10.18-2.el8_10.4.ML.1
エラータID: AXSA:2025-9779:02
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* python-tornado: Tornado has HTTP cookie parsing DoS vulnerability (CVE-2024-52804)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-52804
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
Update packages.
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue.
N/A
SRPMS
- pcs-0.10.18-2.el8_10.4.ML.1.src.rpm
MD5: 6a7d9836de1c06904997ccc49b75748f
SHA-256: 56d5c3e8a879c90b926a942bf170b64953a6deaab143a49264847847e743b25b
Size: 5.17 MB
Asianux Server 8 for x86_64
- pcs-0.10.18-2.el8_10.4.ML.1.x86_64.rpm
MD5: 3dbf43f1059395fa2227bee481fa2333
SHA-256: 2bdbec5abb8d5b4b5ea9db3d190dec064a2e5a9bececa19fd5f97517de4fcf59
Size: 4.11 MB - pcs-snmp-0.10.18-2.el8_10.4.ML.1.x86_64.rpm
MD5: af5a74e090be835034517c4f8b6752be
SHA-256: a67a00be9736f923eed1c0789161b8ef36c377f1412e93e6d68e2adef96b585b
Size: 81.26 kB
日本語