14 matches found
Information Disclosure
The pcs packages provide a command-line tool and a web UI to configure and manage the Pacemaker and Corosync tools. It was found that the pcs daemon did not sign cookies containing session data that were sent to clients connecting via the pcsd web UI. A remote attacker could use this flaw to forg...
Fedora Update for pcs FEDORA-2015-8765
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PCS Daemon (pcsd) Cookie Signing Multiple Vulnerabilities
The remote host is affected by multiple vulnerabilities due to a failure by the PCS daemon pcsd to properly set flags in the 'Set-Cookie' header : - A security bypass vulnerability exists due to a failure to set the 'secure' flag. A remote attacker can exploit this to spoof cookies and bypass...
CentOS Update for pcs CESA-2015:0980 centos7
Check the version of pcs SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882178";...
CentOS Update for pcs CESA-2015:0990 centos6
Check the version of pcs SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882185";...
Fedora 20 : pcs-0.9.115-3.fc20 (2015-8761)
Fix for CVE-2015-1848, CVE-2015-3983 sessions not signed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
Fedora 21 : pcs-0.9.137-4.fc21 (2015-8788)
Fix for CVE-2015-1848, CVE-2015-3983 sessions not signed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
Fedora 22 : pcs-0.9.139-4.fc22 (2015-8765)
Fix for CVE-2015-1848, CVE-2015-3983 sessions not signed Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
CVE-2015-1848
The CVE-2015-1848 entry concerns the PCS daemon (pcsd) in PCS 0.9.137 and earlier failing to set the Secure flag on cookies in HTTPS sessions (CVE-2015-1848); CVE-2015-3983 covers the related issue of not setting the HttpOnly flag. Multiple open-source advisories (Fedora/CentOS and related feeds)...
pcs, python security update
CentOS Errata and Security Advisory CESA-2015:0980 Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...
RHEL 7 : pcs (RHSA-2015:0980)
Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CentOS 6 : pcs (CESA-2015:0990)
Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
CentOS 7 : pcs (CESA-2015:0980)
Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: pcs security and bug fix update
Updated pcs packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...