Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Red Hat Enterprise Linux 6: RHSA-2018:1927-01 Moderate: pcs Info Leak

Calendar Jun 19, 2018 User Avatar LinuxSecurity Advisories
2 - 3 min read
Redhat Large Esm H500
Topics%20covered

Topics Covered

security advisory moderate Red Hat Enterprise Linux security impact information disclosure pcs
An update for pcs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Moderate: pcs security update
Advisory ID:       RHSA-2018:1927-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:1927
Issue date:        2018-06-19
CVE Names:         CVE-2018-1086 
====================================================================
1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 6) - i386, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 6) - i386, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the
Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: Debug parameter removal bypass, allowing information disclosure
(CVE-2018-1086)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

This issue was discovered by Cedric Buissart (Red Hat).

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10
Technical Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1557366 - CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure

6. Package List:

Red Hat Enterprise Linux High Availability (v. 6):

Source:
pcs-0.9.155-3.el6.src.rpm

i386:
pcs-0.9.155-3.el6.i686.rpm
pcs-debuginfo-0.9.155-3.el6.i686.rpm

x86_64:
pcs-0.9.155-3.el6.x86_64.rpm
pcs-debuginfo-0.9.155-3.el6.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 6):

Source:
pcs-0.9.155-3.el6.src.rpm

i386:
pcs-0.9.155-3.el6.i686.rpm
pcs-debuginfo-0.9.155-3.el6.i686.rpm

x86_64:
pcs-0.9.155-3.el6.x86_64.rpm
pcs-debuginfo-0.9.155-3.el6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2018-1086
https://access.redhat.com/security/updates/classification#moderate
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBWyiNG9zjgjWX9erEAQjcTw//asqyV0hkdfW6QqCnqVnZN06hLwgEuqXD
sEl1HgiIopVvAAWWAH+Cub5Kk/8nJXVWvQxM6TByZssEwGjbQ8p22Ph1vtOYMqr0
ID0Kg4IqBR5SJe5VCGZBElduBiZdP6hxLNpTg7suaVmlXYSKPNIZr3vmvG1njt0b
ZtHmJaahcS+0pQIKEv6W29cYKAMX+mi/RgacPPMggFEz6cgG7IGC45LgyfxtmGNN
diKKnmgNkfzn2h4BpovZ+l8MB1mZUz3nI5vYQm5R6IiSoYwPKN3Jb8uHYdDtVPTD
mHURWLXwHTC05wh7S+ROk86F0OTJZFZtpIPUX68LrJG9Um7ebAWGz08nOZiFBxao
Lw47FLLIigUpiz23QJYIwXaSDAL5eKKLy77elF559sdS/Eqcvn4HyWrqTpD87Nti
yoPJEW5f9kQ9fkj/J/rTguFy2q6XJovoj0GoVDHLt71XFFRreFBkVvjpKNRZJ4c8
h0xOTt/7wGx3cj5bYlOHXLzIhvzOAQSK20MPC23o5XqUloHfm2ya1QHaPjR2rM6P
AkB7zZcjWIKD6fntXwjqJ4w/ikpTZcQ/iF3RFIM0sJWYvNF79ECv/6zeCKvfrEyH
W1JrGY0fpNVSrb7+kgIoOo/zr8MLzvOEiZDQkWIjPp+eJ75M7g59zI36PsD9HLbk
VOabtN7bAHU=X0dL
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
This email address is being protected from spambots. You need JavaScript enabled to view it.

Red Hat Enterprise Linux 6: RHSA-2018:1927-01 Moderate: pcs Info Leak

red hat
Calendar Grey June 19, 2018
Dist Redhat Esm H88
New moderate security patch released for Red Hat Enterprise Linux, tackling vulnerabilities related to information exposure. Find out more.
An update for pcs is now available for Red Hat Enterprise Linux 6

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Cedric Buissart (Red Hat).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat Enterprise Linux security impact information disclosure pcs

References

https://access.redhat.com/security/cve/CVE-2018-1086 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html

Package List

Red Hat Enterprise Linux High Availability (v. 6):
Source: pcs-0.9.155-3.el6.src.rpm
i386: pcs-0.9.155-3.el6.i686.rpm pcs-debuginfo-0.9.155-3.el6.i686.rpm
x86_64: pcs-0.9.155-3.el6.x86_64.rpm pcs-debuginfo-0.9.155-3.el6.x86_64.rpm
Red Hat Enterprise Linux Resilient Storage (v. 6):
Source: pcs-0.9.155-3.el6.src.rpm
i386: pcs-0.9.155-3.el6.i686.rpm pcs-debuginfo-0.9.155-3.el6.i686.rpm
x86_64: pcs-0.9.155-3.el6.x86_64.rpm pcs-debuginfo-0.9.155-3.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key


Advisory ID: RHSA-2018:1927-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:1927
Issue date: 2018-06-19

Topic

An update for pcs is now available for Red Hat Enterprise Linux 6.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate Red Hat Enterprise Linux security impact information disclosure pcs

Relevant Releases Architectures

Red Hat Enterprise Linux High Availability (v. 6) - i386, x86_64

Red Hat Enterprise Linux Resilient Storage (v. 6) - i386, x86_64

Bugs Fixed

1557366 - CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here