Lucene search
RedHatRHSA-2018:1060HistoryApr 10, 2018 - 8:05 a.m.
(RHSA-2018:1060) Important: pcs security update
2018-04-1008:05:05
access.redhat.com
24
0.006 Low
EPSS
Percentile
78.2%
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
-
pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079)
-
pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)
-
rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
The CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and the CVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | ppc64le | pcs-snmp | < 0.9.162-5.el7_5.1 | pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm |
| RedHat | 7 | x86_64 | pcs-debuginfo | < 0.9.162-5.el7_5.1 | pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm |
| RedHat | 7 | s390x | pcs-debuginfo | < 0.9.162-5.el7_5.1 | pcs-debuginfo-0.9.162-5.el7_5.1.s390x.rpm |
| RedHat | 7 | x86_64 | pcs | < 0.9.162-5.el7_5.1 | pcs-0.9.162-5.el7_5.1.x86_64.rpm |
| RedHat | 7 | s390x | pcs-snmp | < 0.9.162-5.el7_5.1 | pcs-snmp-0.9.162-5.el7_5.1.s390x.rpm |
| RedHat | 7 | x86_64 | pcs-snmp | < 0.9.162-5.el7_5.1 | pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm |
| RedHat | 7 | ppc64le | pcs | < 0.9.162-5.el7_5.1 | pcs-0.9.162-5.el7_5.1.ppc64le.rpm |
| RedHat | 7 | ppc64le | pcs-debuginfo | < 0.9.162-5.el7_5.1 | pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm |
| RedHat | 7 | s390x | pcs | < 0.9.162-5.el7_5.1 | pcs-0.9.162-5.el7_5.1.s390x.rpm |
Related
openvas
openvas
CentOS Update for pcs CESA-2018:1060 centos7
2018-06-05 00:00:00
Fedora Update for pcs FEDORA-2018-ce5d7106d8
2018-04-19 00:00:00
Fedora Update for pcs FEDORA-2018-57bbe74c6c
2018-04-19 00:00:00
nessus
nessus
Amazon Linux 2 : pcs (ALAS-2018-1005)
2018-04-27 00:00:00
Scientific Linux Security Update : pcs on SL7.x x86_64 (20180410)
2018-05-01 00:00:00
centos
centos
pcs security update
2018-05-30 18:24:25
pcs security update
2018-06-21 11:55:57
oraclelinux
oraclelinux
pcs security update
2018-04-30 00:00:00
amazon
amazon
Important: pcs
2018-04-26 17:41:00
fedora
fedora
[SECURITY] Fedora 26 Update: pcs-0.9.160-2.fc26
2018-04-19 00:07:28
[SECURITY] Fedora 28 Update: pcs-0.9.164-1.fc28
2018-04-15 02:44:28
[SECURITY] Fedora 27 Update: pcs-0.9.164-1.fc27
2018-04-19 00:32:14
debian
debian
[SECURITY] [DSA 4247-1] ruby-rack-protection security update
2018-07-16 21:02:05
[SECURITY] [DSA 4169-1] pcs security update
2018-04-11 08:26:59
[SECURITY] [DSA 4339-1] ceph security update
2018-11-13 21:48:36
osv
osv
CVE-2018-1000119
2018-03-07 14:29:00
ruby-rack-protection - security update
2018-07-16 00:00:00
rack-protection gem timing attack vulnerability when validating CSRF token
2018-03-07 22:22:22
nvd
nvd
debiancve
debiancve
prion
prion
Cross site request forgery (csrf)
2018-03-07 14:29:00
Privilege escalation
2018-04-12 17:29:00
Privilege escalation
2018-04-12 16:29:00
veracode
veracode
Timing Attack
2019-01-15 09:21:58
Timing Attack
2016-12-22 07:10:29
Arbitrary File Write
2019-05-16 02:52:22
cvelist
cvelist
cve
cve
github
github
rack-protection gem timing attack vulnerability when validating CSRF token
2018-03-07 22:22:22
ubuntucve
ubuntucve
redhatcve
redhatcve
CVE-2018-1079
2018-04-09 11:49:00
CVE-2018-1086
2018-04-09 11:48:48
redhat
redhat
(RHSA-2018:1927) Moderate: pcs security update
2018-06-19 02:12:38
(RHSA-2021:1313) Moderate: Satellite 6.9 Release
2021-04-21 12:43:38
(RHSA-2020:4366) Important: Satellite 6.8 release
2020-10-27 12:45:25