ELSA-2020-5724

Опубликовано: 12 июн. 2020

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2020-5724: pcs security update (IMPORTANT)

[0.10.4-6.0.1.el8_2.1]

Replace HAM-logo.png with a generic one

[0.10.4-6.el8_2.1]

Fixed running pcs status on remote nodes
Fixed ruby daemon closing connection after 30s
Fixed inability to create colocation constraint in webUI
Updated bundled rubygem-json
Resolves: rhbz#1832914 rhbz#1838084 rhbz#1840154 rhbz#1840158

[0.10.4-6]

Fixed communication between python and ruby daemons
Resolves: rhbz#1783106

[0.10.4-5]

Fixed link to sbd man page from doc
Fixed safe-disabling clones, groups, bundles
Fixed sinatra wrapper performance issue
Fixed detecting fence history support
Fixed cookie options
Updated hint for 'resource create ... master'
Updated gating tests execution, smoke tests run from upstream sources
Resolves: rhbz#1750427 rhbz#1781303 rhbz#1783106 rhbz#1793574

[0.10.4-4]

Fix testsuite for pacemaker-2.0.3-4
Resolves: rhbz#1792946

[0.10.4-3]

Added basic resource views in new webUI

Обновленные пакеты

Oracle Linux 8

Oracle Linux x86_64

pcs

0.10.4-6.0.1.el8_2.1

Связанные CVE

CVE-2020-10663

Ссылки на источники

Связанные уязвимости

CVE-2020-10663

CVSS3: 7.5

ubuntu

больше 5 лет назад

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but does not rely on poor garbage-collection behavior within Ruby. Specifically, use of JSON parsing methods can lead to creation of a malicious object within the interpreter, with adverse effects that are application-dependent.