====================================================================
Red Hat Security Advisory

Synopsis:          Important: pcs security and bug fix update
Advisory ID:       RHSA-2023:2652-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2652
Issue date:        2023-05-09
CVE Names:         CVE-2023-2319 CVE-2023-27530 CVE-2023-27539
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux HighAvailability (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux ResilientStorage (v. 9) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* pcs: webpack: Regression of CVE-2023-28154 fixes in the Red Hat Enterprise Linux (CVE-2023-2319)

* rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

* rubygem-rack: denial of service in header parsing (CVE-2023-27539)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints (BZ#2180697)

* Need a way to add a scsi fencing device to a cluster without requiring a restart of all cluster resources (BZ#2180704)

* [WebUI] fence levels prevent loading of cluster status (BZ#2183180)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2176477 - CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing
2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing
2180697 - Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints [rhel-9.2.0.z]
2180704 - Need a way to add a scsi fencing device to a cluster without requiring a restart of all cluster resources [rhel-9.2.0.z]
2183180 - [WebUI] fence levels prevent loading of cluster status [rhel-9.2.0.z]
2190092 - CVE-2023-2319 pcs: webpack: Regression of CVE-2023-28154 fixes in the Red Hat Enterprise Linux

6. Package List:

Red Hat Enterprise Linux HighAvailability (v. 9):

Source:
pcs-0.11.4-7.el9_2.src.rpm

aarch64:
pcs-0.11.4-7.el9_2.aarch64.rpm
pcs-snmp-0.11.4-7.el9_2.aarch64.rpm

ppc64le:
pcs-0.11.4-7.el9_2.ppc64le.rpm
pcs-snmp-0.11.4-7.el9_2.ppc64le.rpm

s390x:
pcs-0.11.4-7.el9_2.s390x.rpm
pcs-snmp-0.11.4-7.el9_2.s390x.rpm

x86_64:
pcs-0.11.4-7.el9_2.x86_64.rpm
pcs-snmp-0.11.4-7.el9_2.x86_64.rpm

Red Hat Enterprise Linux ResilientStorage (v. 9):

Source:
pcs-0.11.4-7.el9_2.src.rpm

ppc64le:
pcs-0.11.4-7.el9_2.ppc64le.rpm
pcs-snmp-0.11.4-7.el9_2.ppc64le.rpm

s390x:
pcs-0.11.4-7.el9_2.s390x.rpm
pcs-snmp-0.11.4-7.el9_2.s390x.rpm

x86_64:
pcs-0.11.4-7.el9_2.x86_64.rpm
pcs-snmp-0.11.4-7.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-2319
https://access.redhat.com/security/cve/CVE-2023-27530
https://access.redhat.com/security/cve/CVE-2023-27539
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

--
RHSA-announce mailing list
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: pcs security and bug fix update
Advisory ID:       RHSA-2023:1981-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1981
Issue date:        2023-04-25
CVE Names:         CVE-2023-27530 CVE-2023-27539
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage EUS (v.9.0) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

* rubygem-rack: denial of service in header parsing (CVE-2023-27539)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints (BZ#2180699)

* [WebUI] fence levels prevent loading of cluster status (BZ#2183192)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2176477 - CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing
2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing
2180699 - Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints [rhel-9.0.0.z]
2183192 - [WebUI] fence levels prevent loading of cluster status [rhel-9.0.0.z]

6. Package List:

Red Hat Enterprise Linux High Availability EUS (v.9.0):

Source:
pcs-0.11.1-10.el9_0.4.src.rpm

aarch64:
pcs-0.11.1-10.el9_0.4.aarch64.rpm
pcs-snmp-0.11.1-10.el9_0.4.aarch64.rpm

ppc64le:
pcs-0.11.1-10.el9_0.4.ppc64le.rpm
pcs-snmp-0.11.1-10.el9_0.4.ppc64le.rpm

s390x:
pcs-0.11.1-10.el9_0.4.s390x.rpm
pcs-snmp-0.11.1-10.el9_0.4.s390x.rpm

x86_64:
pcs-0.11.1-10.el9_0.4.x86_64.rpm
pcs-snmp-0.11.1-10.el9_0.4.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage EUS (v.9.0):

Source:
pcs-0.11.1-10.el9_0.4.src.rpm

ppc64le:
pcs-0.11.1-10.el9_0.4.ppc64le.rpm
pcs-snmp-0.11.1-10.el9_0.4.ppc64le.rpm

s390x:
pcs-0.11.1-10.el9_0.4.s390x.rpm
pcs-snmp-0.11.1-10.el9_0.4.s390x.rpm

x86_64:
pcs-0.11.1-10.el9_0.4.x86_64.rpm
pcs-snmp-0.11.1-10.el9_0.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-27530
https://access.redhat.com/security/cve/CVE-2023-27539
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: pcs security and bug fix update
Advisory ID:       RHSA-2023:1961-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1961
Issue date:        2023-04-25
CVE Names:         CVE-2023-27530 CVE-2023-27539
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage EUS (v.8.4) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

* rubygem-rack: denial of service in header parsing (CVE-2023-27539)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints (BZ#2180703)

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2176477 - CVE-2023-27530 rubygem-rack: Denial of service in Multipart MIME parsing
2179649 - CVE-2023-27539 rubygem-rack: denial of service in header parsing
2180703 - Command 'pcs config checkpoint diff' does not show configuration differences between checkpoints [rhel-8.4.0.z]

6. Package List:

Red Hat Enterprise Linux High Availability EUS (v.8.4):

Source:
pcs-0.10.8-1.el8_4.4.src.rpm

aarch64:
pcs-0.10.8-1.el8_4.4.aarch64.rpm
pcs-snmp-0.10.8-1.el8_4.4.aarch64.rpm

ppc64le:
pcs-0.10.8-1.el8_4.4.ppc64le.rpm
pcs-snmp-0.10.8-1.el8_4.4.ppc64le.rpm

s390x:
pcs-0.10.8-1.el8_4.4.s390x.rpm
pcs-snmp-0.10.8-1.el8_4.4.s390x.rpm

x86_64:
pcs-0.10.8-1.el8_4.4.x86_64.rpm
pcs-snmp-0.10.8-1.el8_4.4.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage EUS (v.8.4):

Source:
pcs-0.10.8-1.el8_4.4.src.rpm

ppc64le:
pcs-0.10.8-1.el8_4.4.ppc64le.rpm
pcs-snmp-0.10.8-1.el8_4.4.ppc64le.rpm

s390x:
pcs-0.10.8-1.el8_4.4.s390x.rpm
pcs-snmp-0.10.8-1.el8_4.4.s390x.rpm

x86_64:
pcs-0.10.8-1.el8_4.4.x86_64.rpm
pcs-snmp-0.10.8-1.el8_4.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-27530
https://access.redhat.com/security/cve/CVE-2023-27539
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: pcs security update
Advisory ID:       RHSA-2023:0974-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0974
Issue date:        2023-02-28
CVE Names:         CVE-2022-45442
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 9) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 9) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

6. Package List:

Red Hat Enterprise Linux High Availability (v. 9):

Source:
pcs-0.11.3-4.el9_1.2.src.rpm

aarch64:
pcs-0.11.3-4.el9_1.2.aarch64.rpm
pcs-snmp-0.11.3-4.el9_1.2.aarch64.rpm

ppc64le:
pcs-0.11.3-4.el9_1.2.ppc64le.rpm
pcs-snmp-0.11.3-4.el9_1.2.ppc64le.rpm

s390x:
pcs-0.11.3-4.el9_1.2.s390x.rpm
pcs-snmp-0.11.3-4.el9_1.2.s390x.rpm

x86_64:
pcs-0.11.3-4.el9_1.2.x86_64.rpm
pcs-snmp-0.11.3-4.el9_1.2.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 9):

Source:
pcs-0.11.3-4.el9_1.2.src.rpm

ppc64le:
pcs-0.11.3-4.el9_1.2.ppc64le.rpm
pcs-snmp-0.11.3-4.el9_1.2.ppc64le.rpm

s390x:
pcs-0.11.3-4.el9_1.2.s390x.rpm
pcs-snmp-0.11.3-4.el9_1.2.s390x.rpm

x86_64:
pcs-0.11.3-4.el9_1.2.x86_64.rpm
pcs-snmp-0.11.3-4.el9_1.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-45442
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
Moderate: pcs security update.

{"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2023:0855", "synopsis": "Moderate: pcs security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for pcs.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* sinatra: Reflected File Download attack (CVE-2022-45442)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2153363", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2153363", "description": ""}], "cves": [{"name": "CVE-2022-45442", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2022-45442", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "cvss3BaseScore": "8.8", "cwe": "CWE-494"}], "references": [], "publishedAt": "2023-02-22T01:08:55.795175Z", "rpms": {"Rocky Linux 8": {"nvras": ["pcs-0:0.10.14-5.el8_7.2.aarch64.rpm", "pcs-0:0.10.14-5.el8_7.2.src.rpm", "pcs-0:0.10.14-5.el8_7.2.x86_64.rpm", "pcs-snmp-0:0.10.14-5.el8_7.2.aarch64.rpm", "pcs-snmp-0:0.10.14-5.el8_7.2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}

Routine security patch for Rocky Linux 8 targeting a reflected file download vulnerability. Urgent severity update released.

Rocky Linux Update, pcs Command-Line Configuration, Security Patch.

LinuxSecurity.com Team
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: pcs security update
Advisory ID:       RHSA-2023:0855-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0855
Issue date:        2023-02-21
CVE Names:         CVE-2022-45442
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage (v. 8) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

6. Package List:

Red Hat Enterprise Linux High Availability (v. 8):

Source:
pcs-0.10.14-5.el8_7.2.src.rpm

aarch64:
pcs-0.10.14-5.el8_7.2.aarch64.rpm
pcs-snmp-0.10.14-5.el8_7.2.aarch64.rpm

ppc64le:
pcs-0.10.14-5.el8_7.2.ppc64le.rpm
pcs-snmp-0.10.14-5.el8_7.2.ppc64le.rpm

s390x:
pcs-0.10.14-5.el8_7.2.s390x.rpm
pcs-snmp-0.10.14-5.el8_7.2.s390x.rpm

x86_64:
pcs-0.10.14-5.el8_7.2.x86_64.rpm
pcs-snmp-0.10.14-5.el8_7.2.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage (v. 8):

Source:
pcs-0.10.14-5.el8_7.2.src.rpm

ppc64le:
pcs-0.10.14-5.el8_7.2.ppc64le.rpm
pcs-snmp-0.10.14-5.el8_7.2.ppc64le.rpm

s390x:
pcs-0.10.14-5.el8_7.2.s390x.rpm
pcs-snmp-0.10.14-5.el8_7.2.s390x.rpm

x86_64:
pcs-0.10.14-5.el8_7.2.x86_64.rpm
pcs-snmp-0.10.14-5.el8_7.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-45442
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: pcs security update
Advisory ID:       RHSA-2023:0506-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0506
Issue date:        2023-01-30
CVE Names:         CVE-2022-45442
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Resilient Storage EUS (v.8.4) - ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

6. Package List:

Red Hat Enterprise Linux High Availability EUS (v.8.4):

Source:
pcs-0.10.8-1.el8_4.3.src.rpm

aarch64:
pcs-0.10.8-1.el8_4.3.aarch64.rpm
pcs-snmp-0.10.8-1.el8_4.3.aarch64.rpm

ppc64le:
pcs-0.10.8-1.el8_4.3.ppc64le.rpm
pcs-snmp-0.10.8-1.el8_4.3.ppc64le.rpm

s390x:
pcs-0.10.8-1.el8_4.3.s390x.rpm
pcs-snmp-0.10.8-1.el8_4.3.s390x.rpm

x86_64:
pcs-0.10.8-1.el8_4.3.x86_64.rpm
pcs-snmp-0.10.8-1.el8_4.3.x86_64.rpm

Red Hat Enterprise Linux Resilient Storage EUS (v.8.4):

Source:
pcs-0.10.8-1.el8_4.3.src.rpm

ppc64le:
pcs-0.10.8-1.el8_4.3.ppc64le.rpm
pcs-snmp-0.10.8-1.el8_4.3.ppc64le.rpm

s390x:
pcs-0.10.8-1.el8_4.3.s390x.rpm
pcs-snmp-0.10.8-1.el8_4.3.s390x.rpm

x86_64:
pcs-0.10.8-1.el8_4.3.x86_64.rpm
pcs-snmp-0.10.8-1.el8_4.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-45442
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
====================================================================
Red Hat Security Advisory

Synopsis:          Moderate: pcs security update
Advisory ID:       RHSA-2023:0393-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0393
Issue date:        2023-01-24
CVE Names:         CVE-2022-45442
====================================================================

1. Summary:

An update for pcs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux High Availability E4S (v. 8.2) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux High Availability TUS (v. 8.2) - aarch64, ppc64le, s390x, x86_64

3. Description:

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

* sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

6. Package List:

Red Hat Enterprise Linux High Availability E4S (v. 8.2):

Source:
pcs-0.10.4-6.el8_2.4.src.rpm

aarch64:
pcs-0.10.4-6.el8_2.4.aarch64.rpm
pcs-snmp-0.10.4-6.el8_2.4.aarch64.rpm

ppc64le:
pcs-0.10.4-6.el8_2.4.ppc64le.rpm
pcs-snmp-0.10.4-6.el8_2.4.ppc64le.rpm

s390x:
pcs-0.10.4-6.el8_2.4.s390x.rpm
pcs-snmp-0.10.4-6.el8_2.4.s390x.rpm

x86_64:
pcs-0.10.4-6.el8_2.4.x86_64.rpm
pcs-snmp-0.10.4-6.el8_2.4.x86_64.rpm

Red Hat Enterprise Linux High Availability TUS (v. 8.2):

Source:
pcs-0.10.4-6.el8_2.4.src.rpm

aarch64:
pcs-0.10.4-6.el8_2.4.aarch64.rpm
pcs-snmp-0.10.4-6.el8_2.4.aarch64.rpm

ppc64le:
pcs-0.10.4-6.el8_2.4.ppc64le.rpm
pcs-snmp-0.10.4-6.el8_2.4.ppc64le.rpm

s390x:
pcs-0.10.4-6.el8_2.4.s390x.rpm
pcs-snmp-0.10.4-6.el8_2.4.s390x.rpm

x86_64:
pcs-0.10.4-6.el8_2.4.x86_64.rpm
pcs-snmp-0.10.4-6.el8_2.4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-45442
https://access.redhat.com/security/updates/classification#moderate

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.