pcs-0.9.152-10.el7

エラータID: AXSA:2016-896:01

Release date: 
Friday, November 11, 2016 - 12:28
Subject: 
pcs-0.9.152-10.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

pcs is a corosync and pacemaker configuration tool. It permits users to
easily view, modify and created pacemaker based clusters.

Security issues fixed with this release:

CVE-2016-0720
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-0721
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

The following packages have been upgraded to a newer upstream version: pcs (0.9.152).
Additional Changes:

Solution: 

Update packages.

CVEs: 
CVE-2016-0720
Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149.
CVE-2016-0721
Session fixation vulnerability in pcsd in pcs before 0.9.157.
Additional Info: 

N/A

Download: 

SRPMS
  1. pcs-0.9.152-10.el7.src.rpm
    MD5: 262c6606e254191a40ca7ea5501206ca
    SHA-256: dd8240f70abc6bffed854c63d36f883d166e4524aac684f1d039201048359511
    Size: 3.00 MB

Asianux Server 7 for x86_64
  1. pcs-0.9.152-10.el7.x86_64.rpm
    MD5: 792aa535fb7dc616a51416475c0dabc8
    SHA-256: 8803b3b0ac7d258f9cee44381757ab361aedee6be07c68529afdd727b860ddb8
    Size: 5.02 MB