Описание
ELSA-2021-9552: pcs security update (LOW)
[0.10.10-4.0.1]
- Replace HAM-logo.png with a generic one
[0.10.10-4]
- Fixed unfencing in
- Resolves: rhbz#bz1991654
[0.10.10-3]
- Added add/remove syntax for command
- Resolves: rhbz#1992668
[0.10.10-2]
- Fixed create resources with depth operation attribute
- Resolves: rhbz#1998454
[0.10.10-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs-web-ui
- Resolves: rhbz#1885293 rhbz#1847102 rhbz#1935594
[0.10.9-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Resolves: rhbz#1432097 rhbz#1847102 rhbz#1935594 rhbz#1984901
[0.10.8-4]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Resolves: rhbz#1759995 rhbz#1872378 rhbz#1935594
[0.10.8-3]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Gating changes
- Resolves: rhbz#1678273 rhbz#1690419 rhbz#1750240 rhbz#1759995 rhbz#1872378 rhbz#1909901 rhbz#1935594
[0.10.8-2]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs-web-ui
- Resolves: rhbz#1285269 rhbz#1290830 rhbz#1720221 rhbz#1841019 rhbz#1854238 rhbz#1882291 rhbz#1885302 rhbz#1886342 rhbz#1896458 rhbz#1922996 rhbz#1927384 rhbz#1927394 rhbz#1930886 rhbz#1935594
Обновленные пакеты
Oracle Linux 8
Oracle Linux x86_64
pcs
0.10.10-4.0.1.el8
pcs-snmp
0.10.10-4.0.1.el8
Связанные CVE
Связанные уязвимости
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.