AXSA:2015-458:01

リリース日: 
2015/09/16 Wednesday - 14:58
題名: 
pcs-0.9.139-9.AXS4.1
影響のあるチャネル: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

* CVE-2015-5189:
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.

* CVE-2015-5190:
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.

解決策: 

Update packages

追加情報: 

N/A

ダウンロード: 

SRPMS
  1. pcs-0.9.139-9.AXS4.1.src.rpm
    MD5: 178abd9350f4c0c5679d10535cfca589
    SHA-256: 265b5f3df413bf579f5018e6b8159dbcc63b3a5e996c2b64d51ac1376c67904f
    Size: 2.60 MB

Asianux Server 4 for x86
  1. pcs-0.9.139-9.AXS4.1.i686.rpm
    MD5: 152eca064862ea2e869e313fc2c3b220
    SHA-256: 1212399fd222b763e811441ab6b1735f8cb9c8a643687c52b31a2fc19c05c3f2
    Size: 5.78 MB

Asianux Server 4 for x86_64
  1. pcs-0.9.139-9.AXS4.1.x86_64.rpm
    MD5: 026e3c489dc16a339a642d87638f1ee3
    SHA-256: 19ee9e969f57bdb78e36b15a66c89e19156e101334a201892313d7a65eb97f05
    Size: 5.80 MB
Copyright© 2007-2015 Asianux. All rights reserved.