[El-errata] ELSA-2018-1060 Important: Oracle Linux 7 pcs security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Apr 30 18:07:19 PDT 2018
Oracle Linux Security Advisory ELSA-2018-1060
http://linux.oracle.com/errata/ELSA-2018-1060.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
pcs-0.9.162-5.0.3.el7_5.1.x86_64.rpm
pcs-snmp-0.9.162-5.0.3.el7_5.1.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/pcs-0.9.162-5.0.3.el7_5.1.src.rpm
Description of changes:
[0.9.162-5.0.3.el7_5.1]
- Unlike RHEL we DO have corosync/pacemaker for aarch64 on EL7
- replace logo pcsd/public/favicon.ico in tarball
- remove Source1 HAM-logo.png
[0.9.162-5.el7_5.1]
- Fixed CVE-2018-1086 pcs: Debug parameter removal bypass, allowing
information disclosure
- Fixed CVE-2018-1079 pcs: Privilege escalation via authorized user
malicious REST call
- Fixed CVE-2018-1000119 rack-protection: Timing attack in
authenticity_token.rb
- Resolves: rhbz#1557253
More information about the El-errata
mailing list