ELSA-2022-9513

Published: 30 Jun 2022
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2022-9513: pcs security update (IMPORTANT)

[0.11.1-10.el9_0.1]

  • Updated bundled rubygems: sinatra, rack-protection
  • Resolves: rhbz#2081333

[0.11.1-10]

  • Fixed snmp client
  • Fixed translating resource roles in colocation constraint
  • Resolves: rhbz#2048640

[0.11.1-9]

  • Fixed cluster destroy in web ui
  • Fixed covscan issue in web ui
  • Resolves: rhbz#2044409

[0.11.1-8]

  • Fixed 'pcs resource move' command
  • Fixed removing of unavailable fence-scsi storage device
  • Fixed ocf validation of ocf linbit drbd agent
  • Fixed creating empty cib
  • Updated pcs-web-ui
  • Resolves: rhbz#1990787 rhbz#2033248 rhbz#2039883 rhbz#2040420

[0.11.1-7]

  • Fixed enabling corosync-qdevice
  • Fixed resource update command when unable to get agent metadata
  • Fixed revert of disallowing to clone a group with a stonith
  • Resolves: rhbz#1811072 rhbz#2019836 rhbz#2032473

[0.11.1-6]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Updated pcs web ui
  • Resolves: rhbz#1990787 rhbz#1997019 rhbz#2012129 rhbz#2024542 rhbz#2027678 rhbz#2027679

[0.11.1-5]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Resolves: rhbz#1990787 rhbz#2018969 rhbz#2019836 rhbz#2023752 rhbz#2012129

[0.11.1-4]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Updated pcs web ui
  • Enabled wui patching
  • Resolves: rhbz#1811072 rhbz#1945305 rhbz#1997019 rhbz#2012129

[0.11.1-1]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1956703 rhbz#1956706 rhbz#1985981 rhbz#1991957 rhbz#1996062 rhbz#1996067

[0.11.0.alpha.1-1]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Updated pcs web ui
  • Resolves: rhbz#1283805 rhbz#1910644 rhbz#1910645 rhbz#1985981 rhbz#1991957 rhbz#1996067

[0.10.9-2]

  • Rebuilt for libffi 3.4.2 SONAME transition. Related: rhbz#1891914

[0.10.9-1]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Resolves: rhbz#1991957

[0.10.8-11]

  • Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688

[0.10.8-10]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Fixed web-ui build
  • Fixed tests for pacemaker 2.1
  • Resolves: rhbz#1975440 rhbz#1922302

[0.10.8-9]

  • Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065

[0.10.8-8]

  • Rebuild with fixed gating tests
  • Stopped bundling rubygem-json (use distribution package instead)
  • Fixed patches
  • Resolves: rhbz#1881064

[0.10.8-7]

  • Fixed License tag
  • Rebuild with fixed dependency for gating tier0 tests
  • Resolves: rhbz#1881064

[0.10.8-6]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Removed clufter related commands
  • Resolves: rhbz#1881064

[0.10.8-5]

  • Updated pcs web ui node modules
  • Fixed build issue on low memory build hosts
  • Resolves: rhbz#1951272

[0.10.8-4]

  • Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

[0.10.8-3]

  • Replace pyOpenSSL with python-cryptography
  • Resolves: rhbz#1927404

[0.10.8-2]

  • Bundle rubygem dependencies and python3-tornado
  • Resolves: rhbz#1929710

[0.10.8-1]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Updated pcs-web-ui
  • Updated bundled python dependency: dacite
  • Changed BuildRequires from git to git-core
  • Added conditional (Build)Requires: rubygem(rexml)
  • Added conditional Requires: rubygem(webrick)

[0.10.7-4]

[0.10.7-3]

[0.10.7-2]

  • Python 3.10 related fix

[0.10.7-1]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Added dependency on python packages pyparsing and dateutil
  • Fixed virtual bundle provides for ember, handlebars, jquery and jquery-ui
  • Removed dependency on python3-clufter

[0.10.6-2]

[0.10.6-1]

  • Rebased to latest upstream sources (see CHANGELOG.md)
  • Updated pcs-web-ui
  • Stopped bundling tornado (use distribution package instead)
  • Stopped bundling rubygem-tilt (use distribution package instead)
  • Removed rubygem bundling
  • Removed unneeded BuildRequires: execstack, gcc, gcc-c++
  • Excluded some tests for tornado daemon

[0.10.5-8]

[0.10.5-7]

  • Use fixed upstream version of dacite with Python 3.9 support
  • Split upstream tests in gating into tiers

[0.10.5-6]

  • Use patched version of dacite compatible with Python 3.9
  • Resolves: rhbz#1838327

[0.10.5-5]

  • Rebuilt for Python 3.9

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • pcs: 0.11.1-10.el9_0.1
  • pcs-snmp: 0.11.1-10.el9_0.1

Oracle Linux x86_64

  • pcs: 0.11.1-10.el9_0.1
  • pcs-snmp: 0.11.1-10.el9_0.1

Related CVEs

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

CVSS3: 7.5
redhat
more than 3 years ago

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

CVSS3: 7.5
nvd
more than 3 years ago

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

CVSS3: 7.5
debian
more than 3 years ago

Sinatra before 2.2.0 does not validate that the expanded path matches ...

CVSS3: 7.5
github
more than 3 years ago

sinatra does not validate expanded path matches