Lucene search
AlmaLinuxALSA-2023:2652HistoryMay 09, 2023 - 12:00 a.m.
Important: pcs security and bug fix update
2023-05-0900:00:00
errata.almalinux.org
16
pacemaker
corosync
security fix
bug fix
cve
cvss
denial of service
webpack
almalinux
rubygem-rack
multipart mime parsing
header parsing
bz#2180697
bz#2180704
bz#2183180
unix
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.8%
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
- pcs: webpack: Regression of CVE-2023-28154 fixes in the AlmaLinux (CVE-2023-2319)
- rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)
- rubygem-rack: denial of service in header parsing (CVE-2023-27539)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Command βpcs config checkpoint diffβ does not show configuration differences between checkpoints (BZ#2180697)
- Need a way to add a scsi fencing device to a cluster without requiring a restart of all cluster resources (BZ#2180704)
- [WebUI] fence levels prevent loading of cluster status (BZ#2183180)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | x86_64 | pcs-snmp | <Β 0.11.4-7.el9_2 | pcs-snmp-0.11.4-7.el9_2.x86_64.rpm |
| almalinux | 9 | x86_64 | pcs | <Β 0.11.4-7.el9_2 | pcs-0.11.4-7.el9_2.x86_64.rpm |
| almalinux | 9 | s390x | pcs | <Β 0.11.4-7.el9_2 | pcs-0.11.4-7.el9_2.s390x.rpm |
| almalinux | 9 | s390x | pcs-snmp | <Β 0.11.4-7.el9_2 | pcs-snmp-0.11.4-7.el9_2.s390x.rpm |
| almalinux | 9 | ppc64le | pcs-snmp | <Β 0.11.4-7.el9_2 | pcs-snmp-0.11.4-7.el9_2.ppc64le.rpm |
| almalinux | 9 | ppc64le | pcs | <Β 0.11.4-7.el9_2 | pcs-0.11.4-7.el9_2.ppc64le.rpm |
| almalinux | 9 | aarch64 | pcs-snmp | <Β 0.11.4-7.el9_2 | pcs-snmp-0.11.4-7.el9_2.aarch64.rpm |
| almalinux | 9 | aarch64 | pcs | <Β 0.11.4-7.el9_2 | pcs-0.11.4-7.el9_2.aarch64.rpm |
References
Related
redhat
redhat
(RHSA-2023:2652) Important: pcs security and bug fix update
2023-05-09 11:25:07
(RHSA-2023:3403) Moderate: pcs security and bug fix update
2023-05-31 15:30:50
(RHSA-2023:1981) Moderate: pcs security and bug fix update
2023-04-25 09:58:19
nessus
nessus
RHEL 9 : pcs (RHSA-2023:2652)
2023-05-12 00:00:00
Oracle Linux 9 : pcs (ELSA-2023-12595)
2023-07-20 00:00:00
AlmaLinux 9 : pcs (ALSA-2023:2652)
2023-05-14 00:00:00
osv
osv
Important: pcs security and bug fix update
2023-05-25 19:53:02
Important: pcs security and bug fix update
2023-05-09 00:00:00
ruby-rack - security update
2023-04-17 00:00:00
rocky
rocky
pcs security and bug fix update
2023-05-25 19:53:02
pcs security and bug fix update
2023-05-18 19:18:23
pcs security update
2023-04-06 15:23:56
oraclelinux
oraclelinux
pcs security update
2023-07-20 00:00:00
pcs security update
2023-05-29 00:00:00
pcs security update
2023-04-05 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3392-1)
2023-04-19 00:00:00
Fedora: Security Advisory for pcs (FEDORA-2023-cb2e422088)
2023-04-23 00:00:00
Fedora: Security Advisory for pcs (FEDORA-2023-5993ffa09a)
2023-04-23 00:00:00
debian
debian
[SECURITY] [DLA 3392-1] ruby-rack security update
2023-04-17 14:31:02
[SECURITY] [DLA 3392-1] ruby-rack security update
2023-04-17 13:57:17
[SECURITY] [DSA 5530-1] ruby-rack security update
2023-10-22 12:35:21
almalinux
almalinux
Moderate: pcs security and bug fix update
2023-05-16 00:00:00
Important: pcs security update
2023-04-04 00:00:00
redhatcve
redhatcve
nvd
nvd
cve
cve
prion
prion
Code injection
2023-05-17 23:15:00
Design/Logic Flaw
2023-03-13 01:15:00
Code injection
2023-03-10 22:15:00
cvelist
cvelist
ibm
ibm
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to Webpack (CVE-2023-28154)
2023-04-11 12:52:52
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-03-17 02:16:44
Sensitive Information Disclosure
2023-03-15 02:27:09
Denial Of Service (DoS)
2023-03-09 01:51:42
freebsd
freebsd
rack -- possible denial of service vulnerability in header parsing
2023-03-13 00:00:00
rack -- possible DoS vulnerability in multipart MIME parsing
2023-03-03 00:00:00
amazon
amazon
Medium: pcs
2023-04-27 18:36:00
fedora
fedora
[SECURITY] Fedora 37 Update: pcs-0.11.5-2.fc37
2023-04-22 00:55:59
[SECURITY] Fedora 36 Update: pcs-0.11.5-2.fc36
2023-04-22 01:12:33
[SECURITY] Fedora 38 Update: pcs-0.11.5-2.fc38
2023-04-22 00:49:16
debiancve
debiancve
github
github
Possible Denial of Service Vulnerability in Rack's header parsing
2023-03-15 21:36:02
Rack has possible DoS Vulnerability in Multipart MIME parsing
2023-03-08 17:20:04
Cross-realm object access in Webpack 5
2023-03-13 03:30:15
hackerone
hackerone
ubuntucve
ubuntucve
mageia
mageia
Updated ruby-rack fixes a vulnerability and some bugs
2024-02-19 20:35:05
Updated ruby-rack packages fix security vulnerability
2023-03-24 08:55:49
redos
redos
ROS-20240404-10
2024-04-04 00:00:00
ROS-20240403-12
2024-04-03 00:00:00
rubygems
rubygems
Possible Denial of Service Vulnerability in Rackβs header parsing
2023-03-12 21:00:00
Possible DoS Vulnerability in Multipart MIME parsing
2023-03-02 21:00:00
ubuntu
ubuntu
Rack vulnerabilities
2024-03-12 00:00:00
Rack vulnerabilities
2024-06-17 00:00:00
wordfence
wordfence
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
64.8%
Related for ALSA-2023:2652