Описание
ELSA-2023-12595: pcs security update (IMPORTANT)
[0.11.4-7]
- Fix displaying differences between configuration checkpoints in "pcs config checkpoint diff" command
- Fix "pcs stonith update-scsi-devices" command which was broken since Pacemaker-2.1.5-rc1
- Fixed loading of cluster status in the web interface when fencing levels are configured
- Fixed a vulnerability in pcs-web-ui-node-modules
- Updated bundled rubygem rack
- Resolves: rhbz#2179901 rhbz#2180697 rhbz#2180704 rhbz#2180708 rhbz#2180978 rhbz#2183180
[0.11.4-6]
- Fixed broken filtering in create resource/fence device wizards in the web interface
- Added BuildRequires: pam - needed for tier0 tests during build
- Resolves: rhbz#2167471
[0.11.4-5]
- Fixed enabling/disabling sbd when cluster is not running
- Resolves: rhbz#2166249
[0.11.4-4]
- Rebuilt with fixed patches
- Resolves: rhbz#2158790 rhbz#2159454
[0.11.4-3]
- Allow time values in stonith-watchdog-time property
- Resource/stonith agent self-validation of instance attributes is now disabled by default, as many agents do not work with it properly.
- Updated bundled rubygems: rack, rack-protection, sinatra
- Added license for ruby2_keywords
- Resolves: rhbz#2158790 rhbz#2159454
[0.11.4-2]
- Fixed stopping of pcsd service using systemctl stop pcsd command
- Fixed smoke test execution during gating
- Added warning when omitting validation of misconfigured resource
- Fixed displaying of bool and integer values in pcs resource config command
- Updated bundled rubygems: ethon, rack-protection, sinatra
- Resolves: rhbz#2148124 rhbz#2151164 rhbz#2151524
[0.11.4-1]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs-web-ui
- Resolves: rhbz#1620043 rhbz#2019464 rhbz#2099653 rhbz#2109633 rhbz#2112293 rhbz#2116295 rhbz#2117600 rhbz#2117601
[0.11.3-5]
- Rebased to latest upstream sources (see CHANGELOG.md)
- Updated pcs-web-ui
- Added bundled rubygem: childprocess
- Removed bundled rubygem: open4
- Updated bundled rubygems: mustermann, rack, rack-protection, rack-test, sinatra, tilt
- Resolves: rhbz#1493416 rhbz#1796827 rhbz#2059147 rhbz#2092950 rhbz#2112079 rhbz#2112270 rhbz#2112293 rhbz#2117599 rhbz#2117601
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
pcs
0.11.4-7.el9_2
pcs-snmp
0.11.4-7.el9_2
Oracle Linux x86_64
pcs
0.11.4-7.el9_2
pcs-snmp
0.11.4-7.el9_2
Связанные CVE
Связанные уязвимости
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and ...