Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 441
Alerts This Week
Warning Icon 1 441

Fedora 22 pcs Security Advisory: Critical CSRF Attack Mitigated

fedora
Calendar Grey March 2, 2016
Dist Fedora Esm H88
Essential Fedora 22 Upgrade - pcs addresses CSRF issues, boosts protection through python-lxml requirement and maintains upstream alignment.
Added missing python-lxml dependency ---- * Re-synced to upstream sources * Security fix for CVE-2016-0720, CVE-2016-0721 * Rubygems built with RELRO * Spec file cleanup * Fixed mu...

Summary

pcs is a corosync and pacemaker configuration tool. It permits users to

easily view, modify and created pacemaker based clusters.

Update Information:

Added missing python-lxml dependency ---- * Re-synced to upstream sources * Security fix for CVE-2016-0720, CVE-2016-0721 * Rubygems built with RELRO * Spec file cleanup * Fixed multilib .pyc/.pyo issue

Change Log

References


[ 1 ] Bug #1299615 - CVE-2016-0721 pcs: cookies are not invalidated upon logout https://bugzilla.redhat.com/show_bug.cgi?id=1299615 [ 2 ] Bug #1299614 - CVE-2016-0720 pcs: Cross-Site Request Forgery in web UI https://bugzilla.redhat.com/show_bug.cgi?id=1299614

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update pcs' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: pcs
Product: Fedora 22
Version: 0.9.149
Release: 2.fc22
Summary: Pacemaker Configuration System

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.