ELSA-2018-1060

ELSA-2018-1060 - pcs security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2018-04-30

Description


[0.9.162-5.0.3.el7_5.1]
- Unlike RHEL we DO have corosync/pacemaker for aarch64 on EL7
- replace logo pcsd/public/favicon.ico in tarball
- remove Source1 HAM-logo.png

[0.9.162-5.el7_5.1]
- Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure
- Fixed CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call
- Fixed CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb
- Resolves: rhbz#1557253


Related CVEs


CVE-2018-1079
CVE-2018-1086
CVE-2018-1000119

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 7 (x86_64) | pcs-0.9.162-5.0.3.el7_5.1.src.rpm | 4102ad4a21e01adc2ee62d26b8dbce74 | ELBA-2020-3964 |
| | pcs-0.9.162-5.0.3.el7_5.1.x86_64.rpm | 4ceba600e3567e107a6678f25e6b5021 | ELBA-2020-3964 |
| | pcs-snmp-0.9.162-5.0.3.el7_5.1.x86_64.rpm | efb66bd3cf8814dd1f7adb61afda56b1 | ELBA-2020-3964 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
