20 matches found
NewStart CGSL MAIN 4.05 : pcs Vulnerability (NS-SA-2019-0143)
The remote NewStart CGSL host, running version MAIN 4.05, has pcs packages installed that are affected by a vulnerability: - It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A...
NewStart CGSL CORE 5.04 / MAIN 5.04 : pcs Multiple Vulnerabilities (NS-SA-2019-0042)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has pcs packages installed that are affected by multiple vulnerabilities: - Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in...
Fedora 28 : pcs (2018-bbfb0f5bc9)
Security fix for CVE-2018-1086 and CVE-2018-1079 Rebased to latest upstream sources Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...
[SECURITY] [DSA 4339-1] ceph security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4339-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 13, 2018 https://www.debian.org/security/faq -...
Scientific Linux Security Update : pcs on SL6.x i386/x86_64 (20180619)
Security Fixes : - pcs: Debug parameter removal bypass, allowing information disclosure CVE-2018-1086 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid110889; scriptversion"1.6";...
CentOS 6 : pcs (CESA-2018:1927)
An update for pcs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
pcs security update
CentOS Errata and Security Advisory CESA-2018:1927 An update for pcs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Moderate: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...
RHEL 6 : pcs (RHSA-2018:1927)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:1927 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: pcs: Debug parameter removal...
CentOS Update for pcs CESA-2018:1060 centos7
Check the version of pcs SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882895";...
CentOS 7 : pcs (CESA-2018:1060)
An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
pcs security update
CentOS Errata and Security Advisory CESA-2018:1060 An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Scientific Linux Security Update : pcs on SL7.x x86_64 (20180410)
Security Fixes : - pcs: Privilege escalation via authorized user malicious REST call CVE-2018-1079 - pcs: Debug parameter removal bypass, allowing information disclosure CVE-2018-1086 - rack-protection: Timing attack in authenticitytoken.rb CVE-2018-1000119 C Tenable Network Security, Inc. The...
Oracle Linux 7 : pcs (ELSA-2018-1060)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-1060 advisory. - Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure - Fixed CVE-2018-1079 pcs: Privilege escalation via authoriz...
Amazon Linux 2 : pcs (ALAS-2018-1005)
Debug parameter removal bypass, allowing information disclosure It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to...
Fedora Update for pcs FEDORA-2018-57bbe74c6c
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : pcs (2018-57bbe74c6c)
Security fix for CVE-2018-1086 and CVE-2018-1079 Rebased to latest upstream sources Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...
CVE-2018-1086
CVE-2018-1086 affects the pcs/pcsd REST interface where the debug argument is not removed from the /run_pcs query, allowing information disclosure and privilege escalation for a remote attacker with a valid token. Affected are pcs before versions 0.9.164 and 0.10 (per multiple advisories). Remedi...
Important: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
CVE-2018-1086
It was found that the REST interface of the pcsd service did not properly remove the pcs debug argument from the /runpcs query, possibly disclosing sensitive information. A remote attacker with a valid token could use this flaw to elevate their privilege...