oval:org.secpod.oval:def:603360 pcs is installed

oval:org.secpod.oval:def:204273 The pcs package provides a configuration tool for Corosync and Pacemaker. It permits users to easily view, modify and create Pacemaker based clusters. The pcs package includes Rack, which provides a minimal interface between webservers that support Ruby and Ruby frameworks. A flaw was found in a way ...

oval:org.secpod.oval:def:203621 pcs is installed

oval:org.secpod.oval:def:204823 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: Privilege escalation via authorized user malicious REST call * pcs: Debug parameter removal bypass, allowing information disclosure * rack-protection: Timing attack in authen ...

oval:org.secpod.oval:def:110251 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:204142 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a newer upstream version: pcs . Security Fix: * A Cross-Site Request Forgery flaw was found in the pcsd web UI. A remote attacker could provide a spec ...

oval:org.secpod.oval:def:110253 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:203725 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute ...

oval:org.secpod.oval:def:1506456 [0.10.14-5.0.1] - Replace HAM-logo.png with a generic one [0.10.14-5.el8_7.2] - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt - Added license for rubygem ruby2_keywords - Resolves: rhbz#2159424

oval:org.secpod.oval:def:1506455 [0.11.3-4.el9_1.2] - Updated bundled rubygems: mustermann, rack, rack_protection, sinatra, tilt - Added license for rubygem ruby2_keywords - Resolves: rhbz#2159426

oval:org.secpod.oval:def:2500946 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:4501178 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * sinatra: Reflected File Download attack For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the ...

oval:org.secpod.oval:def:1502193 The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1700028 Debug parameter removal bypass, allowing information disclosure. It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /run_pcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to eleva ...

oval:org.secpod.oval:def:203721 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. A command injection flaw was found in the pcsd web UI. An attacker able to trick a victim that was logged in to the pcsd web UI into visiting a specially crafted URL could use this flaw to execute ...

oval:org.secpod.oval:def:109525 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:109520 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:114288 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:204847 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: Debug parameter removal bypass, allowing information disclosure For more details about the security issue, including the impact, a CVSS score, and other related information, r ...

oval:org.secpod.oval:def:603358 Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing --debug parameter to prevent information leak, but the check wasn't sufficient.

oval:org.secpod.oval:def:53301 Cedric Buissart from Red Hat discovered an information disclosure bug in pcs, a pacemaker command line interface and GUI. The REST interface normally doesn't allow passing --debug parameter to prevent information leak, but the check wasn't sufficient.

oval:org.secpod.oval:def:114290 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:109130 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:109114 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:109142 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:125338 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:125334 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:125499 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:2600013 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:1505743 [0.10.12-6.0.1.el8_6.1] - Replace HAM-logo.png with a generic one [0.10.12-6.el8_6.1] - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz#2081331

oval:org.secpod.oval:def:2600376 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:125881 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:125885 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:112229 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:112225 pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and create pacemaker based clusters.

oval:org.secpod.oval:def:1900327 ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

oval:org.secpod.oval:def:1701287 The Ruby on Rails advisory describes this vulnerability as follows: Carefully crafted input can cause header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse headers using Rack are impacted.

oval:org.secpod.oval:def:87131 [0.11.3-4] - Fixed ruby socket permissions - Resolves: rhbz#2116841 [0.11.3-3] - Fixed booth ticket mode value case insensitive - Fixed booth sync check whether /etc/booth exists - Resolves: rhbz#2026725 rhbz#2058243 [0.11.3-2] - Fixed "pcs resource restart" traceback - Resolves: rhbz#2102663 [0.11. ...

oval:org.secpod.oval:def:2600050 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:85667 Two security issues were discovered in pcs, a corosync and pacemaker configuration tool: CVE-2022-1049 It was discovered that expired accounts were still able to log in via PAM. CVE-2022-2735 Ondrej Mular discovered that incorrect permissions on a Unix socket setup for internal communication could re ...

oval:org.secpod.oval:def:1506236 [0.10.14-5.0.1] - Replace HAM-logo.png with a generic one [0.10.14-5] - Fixed ruby socket permissions - Resolves: rhbz#2116838 [0.10.14-4] - Fixed enable sbd from webui - Resolves: rhbz#2117650 [0.10.14-3] - Fixed pcs quorum device remove - Resolves: rhbz#2115326 [0.10.14-2] - Fixed booth ticket mod ...

oval:org.secpod.oval:def:2500794 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:2500871 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:5800112 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: improper authentication via PAM For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE ...

oval:org.secpod.oval:def:5800116 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: obtaining an authentication token for hacluster user could lead to privilege escalation For more details about the security issue, including the impact, a CVSS score, acknowle ...

oval:org.secpod.oval:def:610113 Two security issues were discovered in pcs, a corosync and pacemaker configuration tool: CVE-2022-1049 It was discovered that expired accounts were still able to log in via PAM. CVE-2022-2735 Ondrej Mular discovered that incorrect permissions on a Unix socket setup for internal communication could re ...

oval:org.secpod.oval:def:1506015 [0.11.1-10.el9_0.2] - Fixed ruby socket permissions - Resolves: rhbz#2116839

oval:org.secpod.oval:def:4500071 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby . For more details about the security issue, including the impact, a CVS ...

oval:org.secpod.oval:def:4500081 Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby . For more details about the security issue, including the impact, a CVS ...

oval:org.secpod.oval:def:1701082 A denial of service flaw was found in ruby-rack. An attacker crafting multipart POST requests can cause Rack's multipart parser to take much longer than expected, leading to a denial of service. A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause sh ...

oval:org.secpod.oval:def:5800170 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: webpack: Regression of CVE-2023-28154 fixes in the Rocky Linux * rubygem-rack: Denial of service in Multipart MIME parsing * rubygem-rack: denial of service in header parsing ...

oval:org.secpod.oval:def:1506778 [0.10.15-4.0.1.el8_8.1] - Replace HAM-logo.png with a generic one [0.10.15-4.el8_8.1] - Fix displaying differences between configuration checkpoints in pcs config checkpoint diff command - Fix pcs stonith update-scsi-devices command which was broken since Pacemaker-2.1.5-rc1 - Updated bundled rubyge ...

oval:org.secpod.oval:def:1505291 [0.10.10-4.0.1] - Replace HAM-logo.png with a generic one [0.10.10-4] - Fixed unfencing in - Resolves: rhbz#bz1991654 [0.10.10-3] - Added add/remove syntax for command - Resolves: rhbz#1992668 [0.10.10-2] - Fixed create resources with depth operation attribute - Resolves: rhbz#1998454 [0.10.10-1] - ...

oval:org.secpod.oval:def:4501230 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a later upstream version: pcs . Security Fix: * jquery: Cross-site scripting via HTML tags containing whitespaces * jquery: Untrusted code execution ...

oval:org.secpod.oval:def:2500380 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

oval:org.secpod.oval:def:2501441 The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.