The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
The following packages have been upgraded to a newer upstream version: pcs (0.9.152). (BZ#1299847)
Security Fix(es):
A Cross-Site Request Forgery (CSRF) flaw was found in the pcsd web UI. A remote attacker could provide a specially crafted web page that, when visited by a user with a valid pcsd session, would allow the attacker to trigger requests on behalf of the user, for example removing resources or restarting/removing nodes. (CVE-2016-0720)
It was found that pcsd did not invalidate cookies on the server side when a user logged out. This could potentially allow an attacker to perform session fixation attacks on pcsd. (CVE-2016-0721)
These issues were discovered by Martin Prpic (Red Hat Product Security).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | pcs | < 0.9.152-10.el7 | pcs-0.9.152-10.el7.x86_64.rpm |
RedHat | 7 | x86_64 | pcs-debuginfo | < 0.9.152-10.el7 | pcs-debuginfo-0.9.152-10.el7.x86_64.rpm |
RedHat | 7 | s390x | pcs | < 0.9.152-10.el7 | pcs-0.9.152-10.el7.s390x.rpm |
RedHat | 7 | s390x | pcs-debuginfo | < 0.9.152-10.el7 | pcs-debuginfo-0.9.152-10.el7.s390x.rpm |