Moderate: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as havin...

Moderate: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: pcs security update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing CVE-2024-25126 rubygem-rack: Possible DoS Vulnerability with Range Header in Rack CVE-2024-26141...

Moderate: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impa...

Moderate: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

USN-6711-1: CRM shell vulnerability

Vincent Berg discovered that CRM shell incorrectly handled certain commands. An local attacker could possibly use this issue to execute arbitrary code via shell code injection to the crm history commandline...

openSUSE: Security Advisory for sbd (SUSE-SU-2023:0002-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

libqb security update

2.0.6-4 - bump rpm version for rhel-exception build Resolves: rhbz2230712 2.0.6-3 - blackbox: fix buffer overflow with long log lines Resolves: rhbz2236171 2.0.6-1 - ipc: Retry receiving credentials if the the message is short Resolves: rhbz2149647 2.0.6-1 - Rebase to 2.0.6 Resolves: rhbz2072903...

Low: Red Hat Security Advisory: pcs security, bug fix, and enhancement update

An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

Rocky Linux 9 : pcs (RLSA-2022:7935)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7935 advisory. - A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using...

Low: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: decode-uri-component: improper input validation resulting in DoS CVE-2022-38900 For more details about the security issues, including the impact, a CVSS score, acknowledgments, a...

SUSE CVE-2022-1049

A flaw was found in the Pacemaker configuration tool pcs. The pcs daemon was allowing expired accounts, and accounts with expired passwords to login when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still login...

SUSE CVE-2022-2735

A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw...

Security Bulletin: A vulnerability in libqb affects IBM® Db2® High-Availability deployments using Pacemaker (CVE-2023-39976)

Summary A vulnerability in libqb affects IBM® Db2® High-Availability deployments using Pacemaker. Vulnerability Details CVEID:CVE-2023-39976 DESCRIPTION: ClusterLabs libqb is vulnerable to a buffer overflow, caused by improper bounds checking by the qbvsnprintfserialize function in logblackbox.c...

Pacemaker: Multiple Vulnerabilities

Background Pacemaker is an Open Source, High Availability resource manager suitable for both small and large clusters. Description Multiple vulnerabilities have been discovered in Pacemaker. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...

GLSA-202309-09 : Pacemaker: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202309-09 Pacemaker: Multiple Vulnerabilities - A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with...

Oracle Linux 7 : pacemaker (ELSA-2020-5453)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5453 advisory. - Prevent ACL bypass CVE-2020-25654 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

Oracle Linux 6 : pacemaker (ELSA-2013-1635)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-1635 advisory. 1.1.10-14 - Log: crmd: Supply arguments in the correct order Resolves: rhbz996850 - Fix: Invalid formatting of log message causes crash Resolves: rhbz996850...

pacemaker bug fix update

An update is available for pacemaker. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Pacemaker cluster resource manager is a collection of technologies...