pcs-0.10.18-2.el8_10.6.ML.1

エラータID: AXSA:2025-10575:06

Release date: 
Thursday, July 24, 2025 - 09:45
Subject: 
pcs-0.10.18-2.el8_10.6.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* rexml: REXML ReDoS vulnerability (CVE-2024-49761)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.

Solution: 

Update packages.

CVEs: 
CVE-2024-49761
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML gem 3.3.9 or later include the patch to fix the vulnerability.
Additional Info: 

N/A

Download: 

SRPMS
  1. pcs-0.10.18-2.el8_10.6.ML.1.src.rpm
    MD5: 91384e728aa955b27591200affeeaa86
    SHA-256: 6575201d93b9f1fe630f8372c9d30fb2c886a51013932fdcc5e55420130be1cd
    Size: 5.17 MB

Asianux Server 8 for x86_64
  1. pcs-0.10.18-2.el8_10.6.ML.1.x86_64.rpm
    MD5: 01767a54b7cc25619ab8fffd9eea5063
    SHA-256: 5d7055106f3344ffce87d503a8bcdbd8442e9d272c0259042fd895e856351ca1
    Size: 4.11 MB
  2. pcs-snmp-0.10.18-2.el8_10.6.ML.1.x86_64.rpm
    MD5: 77ce590a32f5be6fa2602444c76ff45b
    SHA-256: c9529c8427527b0fb0802c5b70021b27f101a8c8954a1279b8c7d62e9a8f0854
    Size: 81.61 kB