Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:4587: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files
Red Hat Security Data
#vulnerability#linux#red_hat#ibm#sap

Synopsis

Important: pcs security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for pcs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

  • sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux High Availability for x86_64 9 x86_64
  • Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 9 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux High Availability for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux High Availability for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux High Availability for ARM 64 9 aarch64
  • Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.0 s390x
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.0 x86_64
  • Red Hat Enterprise Linux Resilient Storage for Power LE - 4 years of updates 9.0 ppc64le
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files

Red Hat Enterprise Linux High Availability for x86_64 9

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

x86_64

pcs-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0

pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b

Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

x86_64

pcs-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0

pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b

Red Hat Enterprise Linux Resilient Storage for x86_64 9

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

x86_64

pcs-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0

pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b

Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

x86_64

pcs-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0

pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b

Red Hat Enterprise Linux Resilient Storage for IBM z Systems 9

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

s390x

pcs-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301

pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421

Red Hat Enterprise Linux High Availability for IBM z Systems 9

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

s390x

pcs-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301

pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421

Red Hat Enterprise Linux Resilient Storage for Power, little endian 9

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

ppc64le

pcs-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701

pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6

Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

ppc64le

pcs-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701

pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6

Red Hat Enterprise Linux High Availability for Power, little endian 9

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

ppc64le

pcs-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701

pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6

Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

ppc64le

pcs-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701

pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6

Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

ppc64le

pcs-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701

pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6

Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

x86_64

pcs-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0

pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b

Red Hat Enterprise Linux High Availability for ARM 64 9

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

aarch64

pcs-0.11.1-10.el9_0.1.aarch64.rpm

SHA-256: 54e036118eb0f5b96f3f1eaeda86d5444e99759476b573287b75f295706fafe9

pcs-snmp-0.11.1-10.el9_0.1.aarch64.rpm

SHA-256: 4db61b9b0db158e4d0d63071b5c8035af74cbfa2799b595228aa8ae46cbfa44e

Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

s390x

pcs-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301

pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421

Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

aarch64

pcs-0.11.1-10.el9_0.1.aarch64.rpm

SHA-256: 54e036118eb0f5b96f3f1eaeda86d5444e99759476b573287b75f295706fafe9

pcs-snmp-0.11.1-10.el9_0.1.aarch64.rpm

SHA-256: 4db61b9b0db158e4d0d63071b5c8035af74cbfa2799b595228aa8ae46cbfa44e

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

s390x

pcs-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301

pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421

Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

aarch64

pcs-0.11.1-10.el9_0.1.aarch64.rpm

SHA-256: 54e036118eb0f5b96f3f1eaeda86d5444e99759476b573287b75f295706fafe9

pcs-snmp-0.11.1-10.el9_0.1.aarch64.rpm

SHA-256: 4db61b9b0db158e4d0d63071b5c8035af74cbfa2799b595228aa8ae46cbfa44e

Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

s390x

pcs-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301

pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421

Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

x86_64

pcs-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0

pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm

SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b

Red Hat Enterprise Linux Resilient Storage for Power LE - 4 years of updates 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

ppc64le

pcs-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701

pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm

SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.0

SRPM

pcs-0.11.1-10.el9_0.1.src.rpm

SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c

s390x

pcs-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301

pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm

SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421

Related news

RHSA-2022:8506: Red Hat Security Advisory: Satellite 6.12 Release

An update is now available for Red Hat Satellite 6.12. The release contains a new version of Satellite and important security fixes for various components.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * CVE-2021-37137: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way * CVE-2022-22818: django: Possible XSS via '{% debug %}' template tag * CVE-2022-24836: nokogiri: ReDoS in HTML encoding detection * CVE-2022-25648: ruby-git: package vulnerable to Command Injection via git argument injection * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when servin...

Red Hat Security Advisory 2022-4587-01

Red Hat Security Advisory 2022-4587-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-4661-01

Red Hat Security Advisory 2022-4661-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

RHSA-2022:4661: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files

Red Hat Security Advisory 2022-2253-01

Red Hat Security Advisory 2022-2253-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-2256-01

Red Hat Security Advisory 2022-2256-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-2255-01

Red Hat Security Advisory 2022-2255-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

RHSA-2022:2253: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files

RHSA-2022:2256: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files

RHSA-2022:2255: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files

GHSA-qp49-3pvw-x4m5: sinatra does not validate expanded path matches

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.

CVE-2022-29970: Validate expanded path matches public_dir when serving static files by cji-stripe · Pull Request #1683 · sinatra/sinatra

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.