pcs-0.10.18-2.el8_10.9.ML.1
エラータID: AXSA:2026-468:04
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2026-31958
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.
Update packages.
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.
N/A
SRPMS
- pcs-0.10.18-2.el8_10.9.ML.1.src.rpm
MD5: b99a4aeb8310e796d6f81facc84c7d05
SHA-256: 3267149b9a5caaeb4752098011794a7040bd56c35f14b378ccf088d6b8810c48
Size: 5.17 MB
Asianux Server 8 for x86_64
- pcs-0.10.18-2.el8_10.9.ML.1.x86_64.rpm
MD5: 8e5e36626d0a81c9c5d4a051d6e67e2b
SHA-256: e8ba1285dd403936e95a266f9cf10a34146ea420860f2d846b35709153afbf20
Size: 4.11 MB - pcs-snmp-0.10.18-2.el8_10.9.ML.1.x86_64.rpm
MD5: 56396396fb0554a94fa87aa0a0c2fcb6
SHA-256: c33b0f264cb6e760e01738b96eb3716cd935766b657455a076b1ce4188a5a242
Size: 82.17 kB