Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Scientific Linux 6 & 7 Important: pcs Security Update SLSA-2015:1700-1

Scientific Large Esm H446
Important: pcs security update
Date: Tue, 1 Sep 2015 08:43:25 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 6x i386, x86_64 now available
MIME-Version: 1.0
Message-ID: <55E5AB7D.5040406@fnal.gov>

The following FASTBUGS have been uploaded to

i386:
cmirror-2.02.111-2.el6_6.5.i686.rpm
cmirror-2.02.118-3.el6_7.2.i686.rpm
device-mapper-1.02.90-2.el6_6.5.i686.rpm
device-mapper-1.02.95-3.el6_7.2.i686.rpm
device-mapper-devel-1.02.90-2.el6_6.5.i686.rpm
device-mapper-devel-1.02.95-3.el6_7.2.i686.rpm
device-mapper-event-1.02.90-2.el6_6.5.i686.rpm
device-mapper-event-1.02.95-3.el6_7.2.i686.rpm
device-mapper-event-devel-1.02.90-2.el6_6.5.i686.rpm
device-mapper-event-devel-1.02.95-3.el6_7.2.i686.rpm
device-mapper-event-libs-1.02.90-2.el6_6.5.i686.rpm
device-mapper-event-libs-1.02.95-3.el6_7.2.i686.rpm
device-mapper-libs-1.02.90-2.el6_6.5.i686.rpm
device-mapper-libs-1.02.95-3.el6_7.2.i686.rpm
dovecot-2.0.9-19.el6.1.i686.rpm
dovecot-devel-2.0.9-19.el6.1.i686.rpm
dovecot-mysql-2.0.9-19.el6.1.i686.rpm
dovecot-pgsql-2.0.9-19.el6.1.i686.rpm
dovecot-pigeonhole-2.0.9-19.el6.1.i686.rpm
kmod-cfg80211_dup-0.1_rh1-1.el6_6.i686.rpm
kmod-iwlwifi_dup-0.1_rh1-1.el6_6.i686.rpm
kmod-iwlwifi_dup-firmware-0.1_rh1-1.el6_6.i686.rpm
kmod-mac80211_dup-0.1_rh1-1.el6_6.i686.rpm
ksh-20120801-28.el6.1.i686.rpm
lvm2-2.02.111-2.el6_6.5.i686.rpm
lvm2-2.02.118-3.el6_7.2.i686.rpm
lvm2-cluster-2.02.111-2.el6_6.5.i686.rpm
lvm2-cluster-2.02.118-3.el6_7.2.i686.rpm
lvm2-devel-2.02.111-2.el6_6.5.i686.rpm
lvm2-devel-2.02.118-3.el6_7.2.i686.rpm
lvm2-libs-2.02.111-2.el6_6.5.i686.rpm
lvm2-libs-2.02.118-3.el6_7.2.i686.rpm
openssh-5.3p1-112.el6_7.i686.rpm
openssh-askpass-5.3p1-112.el6_7.i686.rpm
openssh-clients-5.3p1-112.el6_7.i686.rpm
openssh-ldap-5.3p1-112.el6_7.i686.rpm
openssh-server-5.3p1-112.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-112.el6_7.i686.rpm
sudo-1.8.6p3-20.el6_7.i686.rpm
sudo-devel-1.8.6p3-20.el6_7.i686.rpm
tzdata-2015f-1.el6.noarch.rpm
tzdata-java-2015f-1.el6.noarch.rpm

x86_64:
cmirror-2.02.111-2.el6_6.5.x86_64.rpm
cmirror-2.02.118-3.el6_7.2.x86_64.rpm
device-mapper-1.02.90-2.el6_6.5.x86_64.rpm
device-mapper-1.02.95-3.el6_7.2.x86_64.rpm
device-mapper-devel-1.02.90-2.el6_6.5.i686.rpm
device-mapper-devel-1.02.90-2.el6_6.5.x86_64.rpm
device-mapper-devel-1.02.95-3.el6_7.2.i686.rpm
device-mapper-devel-1.02.95-3.el6_7.2.x86_64.rpm
device-mapper-event-1.02.90-2.el6_6.5.x86_64.rpm
device-mapper-event-1.02.95-3.el6_7.2.x86_64.rpm
device-mapper-event-devel-1.02.90-2.el6_6.5.i686.rpm
device-mapper-event-devel-1.02.90-2.el6_6.5.x86_64.rpm
device-mapper-event-devel-1.02.95-3.el6_7.2.i686.rpm
device-mapper-event-devel-1.02.95-3.el6_7.2.x86_64.rpm
device-mapper-event-libs-1.02.90-2.el6_6.5.i686.rpm
device-mapper-event-libs-1.02.90-2.el6_6.5.x86_64.rpm
device-mapper-event-libs-1.02.95-3.el6_7.2.i686.rpm
device-mapper-event-libs-1.02.95-3.el6_7.2.x86_64.rpm
device-mapper-libs-1.02.90-2.el6_6.5.i686.rpm
device-mapper-libs-1.02.90-2.el6_6.5.x86_64.rpm
device-mapper-libs-1.02.95-3.el6_7.2.i686.rpm
device-mapper-libs-1.02.95-3.el6_7.2.x86_64.rpm
dovecot-2.0.9-19.el6.1.i686.rpm
dovecot-2.0.9-19.el6.1.x86_64.rpm
dovecot-devel-2.0.9-19.el6.1.i686.rpm
dovecot-devel-2.0.9-19.el6.1.x86_64.rpm
dovecot-mysql-2.0.9-19.el6.1.x86_64.rpm
dovecot-pgsql-2.0.9-19.el6.1.x86_64.rpm
dovecot-pigeonhole-2.0.9-19.el6.1.x86_64.rpm
kmod-cfg80211_dup-0.1_rh1-1.el6_6.x86_64.rpm
kmod-iwlwifi_dup-0.1_rh1-1.el6_6.x86_64.rpm
kmod-iwlwifi_dup-firmware-0.1_rh1-1.el6_6.x86_64.rpm
kmod-mac80211_dup-0.1_rh1-1.el6_6.x86_64.rpm
ksh-20120801-28.el6.1.x86_64.rpm
lvm2-2.02.111-2.el6_6.5.x86_64.rpm
lvm2-2.02.118-3.el6_7.2.x86_64.rpm
lvm2-cluster-2.02.111-2.el6_6.5.x86_64.rpm
lvm2-cluster-2.02.118-3.el6_7.2.x86_64.rpm
lvm2-devel-2.02.111-2.el6_6.5.i686.rpm
lvm2-devel-2.02.111-2.el6_6.5.x86_64.rpm
lvm2-devel-2.02.118-3.el6_7.2.i686.rpm
lvm2-devel-2.02.118-3.el6_7.2.x86_64.rpm
lvm2-libs-2.02.111-2.el6_6.5.i686.rpm
lvm2-libs-2.02.111-2.el6_6.5.x86_64.rpm
lvm2-libs-2.02.118-3.el6_7.2.i686.rpm
lvm2-libs-2.02.118-3.el6_7.2.x86_64.rpm
openssh-5.3p1-112.el6_7.x86_64.rpm
openssh-askpass-5.3p1-112.el6_7.x86_64.rpm
openssh-clients-5.3p1-112.el6_7.x86_64.rpm
openssh-ldap-5.3p1-112.el6_7.x86_64.rpm
openssh-server-5.3p1-112.el6_7.x86_64.rpm
pam_ssh_agent_auth-0.9.3-112.el6_7.i686.rpm
pam_ssh_agent_auth-0.9.3-112.el6_7.x86_64.rpm
sudo-1.8.6p3-20.el6_7.x86_64.rpm
sudo-devel-1.8.6p3-20.el6_7.i686.rpm
sudo-devel-1.8.6p3-20.el6_7.x86_64.rpm
tzdata-2015f-1.el6.noarch.rpm
tzdata-java-2015f-1.el6.noarch.rpm
Date: Tue, 1 Sep 2015 08:54:52 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: FASTBUGS for SL 7x x86_64 now available
MIME-Version: 1.0
Message-ID: <55E5AE2C.7030809@fnal.gov>

The following FASTBUGS have been uploaded to

x86_64:
kross-interpreters-4.10.5-8.el7.x86_64.rpm
kross-python-4.10.5-8.el7.x86_64.rpm
kross-ruby-4.10.5-8.el7.x86_64.rpm
pacemaker-1.1.12-22.el7_1.4.x86_64.rpm
pacemaker-cli-1.1.12-22.el7_1.4.x86_64.rpm
pacemaker-cluster-libs-1.1.12-22.el7_1.4.i686.rpm
pacemaker-cluster-libs-1.1.12-22.el7_1.4.x86_64.rpm
pacemaker-cts-1.1.12-22.el7_1.4.x86_64.rpm
pacemaker-doc-1.1.12-22.el7_1.4.x86_64.rpm
pacemaker-libs-1.1.12-22.el7_1.4.i686.rpm
pacemaker-libs-1.1.12-22.el7_1.4.x86_64.rpm
pacemaker-libs-devel-1.1.12-22.el7_1.4.i686.rpm
pacemaker-libs-devel-1.1.12-22.el7_1.4.x86_64.rpm
pacemaker-remote-1.1.12-22.el7_1.4.x86_64.rpm
Date: Tue, 1 Sep 2015 17:20:18 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: pcs on SL6.x, SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20150901172018.9242.32650@slpackages.fnal.gov>

Synopsis: Important: pcs security update
Advisory ID: SLSA-2015:1700-1
Issue Date: 2015-09-01
CVE Numbers: CVE-2015-5189
 CVE-2015-5190
--

A command injection flaw was found in the pcsd web UI. An attacker able to
trick a victim that was logged in to the pcsd web UI into visiting a
specially crafted URL could use this flaw to execute arbitrary code with
root privileges on the server hosting the web UI. (CVE-2015-5190)

A race condition was found in the way the pcsd web UI backend performed
authorization of user requests. An attacker could use this flaw to send a
request that would be evaluated as originating from a different user,
potentially allowing the attacker to perform actions with permissions of a
more privileged user. (CVE-2015-5189)
--

SL6
 x86_64
 pcs-0.9.139-9.el6_7.1.x86_64.rpm
 pcs-debuginfo-0.9.139-9.el6_7.1.x86_64.rpm
 i386
 pcs-0.9.139-9.el6_7.1.i686.rpm
 pcs-debuginfo-0.9.139-9.el6_7.1.i686.rpm
SL7
 x86_64
 pcs-0.9.137-13.el7_1.4.x86_64.rpm
 pcs-debuginfo-0.9.137-13.el7_1.4.x86_64.rpm
 python-clufter-0.9.137-13.el7_1.4.x86_64.rpm

- Scientific Linux Development Team