pcs-0.9.139-9.AXS4.1
エラータID: AXSA:2015-458:01
Release date:
Wednesday, September 16, 2015 - 15:58
Subject:
pcs-0.9.139-9.AXS4.1
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
The pcs packages provide a command-line configuration system for the
Pacemaker and Corosync utilities.
Security issues fixed with this release:
CVE-2015-5189
CVE-2015-5190
Solution:
Update package.
CVEs:
CVE-2015-5189
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.
CVE-2015-5190
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
Additional Info:
N/A
Download:
SRPMS
- pcs-0.9.139-9.AXS4.1.src.rpm
MD5: 178abd9350f4c0c5679d10535cfca589
SHA-256: 265b5f3df413bf579f5018e6b8159dbcc63b3a5e996c2b64d51ac1376c67904f
Size: 2.60 MB
Asianux Server 4 for x86
- pcs-0.9.139-9.AXS4.1.i686.rpm
MD5: 152eca064862ea2e869e313fc2c3b220
SHA-256: 1212399fd222b763e811441ab6b1735f8cb9c8a643687c52b31a2fc19c05c3f2
Size: 5.78 MB
Asianux Server 4 for x86_64
- pcs-0.9.139-9.AXS4.1.x86_64.rpm
MD5: 026e3c489dc16a339a642d87638f1ee3
SHA-256: 19ee9e969f57bdb78e36b15a66c89e19156e101334a201892313d7a65eb97f05
Size: 5.80 MB