The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix: * pcs: Privilege escalation via authorized user malicious REST call * pcs: Debug parameter removal bypass, allowing information disclosure * rack-protection: Timing attack in authenticity_token.rb For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section. The CVE-2018-1079 issue was discovered by Ondrej Mular and the CVE-2018-1086 issue was discovered by Cedric Buissart .