CESA-2018:1060 -- centos 7 pcs
ID: oval:org.secpod.oval:def:204823 | Date: (C)2018-06-01 (M)2022-10-10 |
Class: PATCH | Family: unix |
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix:

* pcs: Privilege escalation via authorized user malicious REST call
* pcs: Debug parameter removal bypass, allowing information disclosure
* rack-protection: Timing attack in authenticity_token.rb

For more details about the security issue, including the impact, a CVSS score, and other related information, refer to the CVE page listed in the References section.

The CVE-2018-1079 issue was discovered by Ondrej Mular and the CVE-2018-1086 issue was discovered by Cedric Buissart.