ELSA-2024-2113

Published: 02 May 2024
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2024-2113: pcs security update (MODERATE)

[0.11.7-2]

  • Fixed CVE-2024-25126, CVE-2024-26141, CVE-2024-26146 in bundled dependency rack
    Resolves: RHEL-26446, RHEL-26448, RHEL-26450

[0.11.7-1]

  • Rebased to the latest sources (see CHANGELOG.md)
    Resolves: RHEL-7740

[0.11.6-6]

  • Rebased to the latest upstream sources (see CHANGELOG.md)
    Resolves: RHEL-7582, RHEL-7583, RHEL-7669, RHEL-7672, RHEL-7697, RHEL-7698, RHEL-7700, RHEL-7703, RHEL-7719, RHEL-7725, RHEL-7730, RHEL-7738, RHEL-7739, RHEL-7740, RHEL-7744, RHEL-7746
  • TLS cipher setting in pcsd now follows system-wide crypto policies by default
    Resolves: RHEL-7724
  • Tightened permissions of bundled rubygems to be 755 or stricter
    Resolves: RHEL-7716

[0.11.6-5]

  • No changes, fixing an error in a new quality control process
  • Resolves: RHEL-15217

[0.11.6-4]

  • No changes, testing a new quality control process
  • Resolves: RHEL-15217

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • pcs 0.11.7-2.el9_4
  • pcs-snmp 0.11.7-2.el9_4

Oracle Linux x86_64

  • pcs 0.11.7-2.el9_4
  • pcs-snmp 0.11.7-2.el9_4

Related vulnerabilities

suse-cvrf
more than 1 year ago

Security update for rubygem-rack-1_4

suse-cvrf
more than 1 year ago

Security update for rubygem-rack

oracle-oval
about 1 year ago

ELSA-2024-2953: pcs security update (MODERATE)

CVSS3: 5.8
redos
about 1 year ago

Multiple vulnerabilities in rubygem-rack

CVSS3: 5.3
ubuntu
more than 1 year ago

Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.