ELSA-2018-1060 - pcs security update
Type: SECURITY
Severity: IMPORTANT
Release Date: 2018-04-30
Description
[0.9.162-5.0.3.el7_5.1]
- Unlike RHEL we DO have corosync/pacemaker for aarch64 on EL7
- replace logo pcsd/public/favicon.ico in tarball
- remove Source1 HAM-logo.png
[0.9.162-5.el7_5.1]
- Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure
- Fixed CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call
- Fixed CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb
- Resolves: rhbz#1557253
Related CVEs
Updated Packages
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
Oracle Linux 7 (x86_64) | pcs-0.9.162-5.0.3.el7_5.1.src.rpm | 4102ad4a21e01adc2ee62d26b8dbce74 | ELBA-2020-3964 |
Oracle Linux 7 (x86_64) | pcs-0.9.162-5.0.3.el7_5.1.x86_64.rpm | 4ceba600e3567e107a6678f25e6b5021 | ELBA-2020-3964 |
Oracle Linux 7 (x86_64) | pcs-snmp-0.9.162-5.0.3.el7_5.1.x86_64.rpm | efb66bd3cf8814dd1f7adb61afda56b1 | ELBA-2020-3964 |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.