Headline
RHSA-2022:4587: Red Hat Security Advisory: pcs security update
An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files
Synopsis
Important: pcs security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for pcs is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
- sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux High Availability for x86_64 9 x86_64
- Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux Resilient Storage for x86_64 9 x86_64
- Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems 9 s390x
- Red Hat Enterprise Linux High Availability for IBM z Systems 9 s390x
- Red Hat Enterprise Linux Resilient Storage for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux High Availability for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux High Availability for ARM 64 9 aarch64
- Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.0 s390x
- Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.0 x86_64
- Red Hat Enterprise Linux Resilient Storage for Power LE - 4 years of updates 9.0 ppc64le
- Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files
Red Hat Enterprise Linux High Availability for x86_64 9
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
x86_64
pcs-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0
pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b
Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
x86_64
pcs-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0
pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b
Red Hat Enterprise Linux Resilient Storage for x86_64 9
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
x86_64
pcs-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0
pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b
Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
x86_64
pcs-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0
pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b
Red Hat Enterprise Linux Resilient Storage for IBM z Systems 9
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
s390x
pcs-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301
pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421
Red Hat Enterprise Linux High Availability for IBM z Systems 9
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
s390x
pcs-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301
pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421
Red Hat Enterprise Linux Resilient Storage for Power, little endian 9
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
ppc64le
pcs-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701
pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6
Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
ppc64le
pcs-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701
pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6
Red Hat Enterprise Linux High Availability for Power, little endian 9
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
ppc64le
pcs-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701
pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6
Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
ppc64le
pcs-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701
pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6
Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
ppc64le
pcs-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701
pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6
Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
x86_64
pcs-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0
pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b
Red Hat Enterprise Linux High Availability for ARM 64 9
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
aarch64
pcs-0.11.1-10.el9_0.1.aarch64.rpm
SHA-256: 54e036118eb0f5b96f3f1eaeda86d5444e99759476b573287b75f295706fafe9
pcs-snmp-0.11.1-10.el9_0.1.aarch64.rpm
SHA-256: 4db61b9b0db158e4d0d63071b5c8035af74cbfa2799b595228aa8ae46cbfa44e
Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
s390x
pcs-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301
pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421
Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
aarch64
pcs-0.11.1-10.el9_0.1.aarch64.rpm
SHA-256: 54e036118eb0f5b96f3f1eaeda86d5444e99759476b573287b75f295706fafe9
pcs-snmp-0.11.1-10.el9_0.1.aarch64.rpm
SHA-256: 4db61b9b0db158e4d0d63071b5c8035af74cbfa2799b595228aa8ae46cbfa44e
Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
s390x
pcs-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301
pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421
Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
aarch64
pcs-0.11.1-10.el9_0.1.aarch64.rpm
SHA-256: 54e036118eb0f5b96f3f1eaeda86d5444e99759476b573287b75f295706fafe9
pcs-snmp-0.11.1-10.el9_0.1.aarch64.rpm
SHA-256: 4db61b9b0db158e4d0d63071b5c8035af74cbfa2799b595228aa8ae46cbfa44e
Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
s390x
pcs-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301
pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421
Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
x86_64
pcs-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: cb8a088772e1df58a801342aa54349209ea751fc9310f26ff93fa8c9d4a21df0
pcs-snmp-0.11.1-10.el9_0.1.x86_64.rpm
SHA-256: 519d167df1b4d6180542cad5c014fd96dc3e671bbc3b12ddac88fe320c9e992b
Red Hat Enterprise Linux Resilient Storage for Power LE - 4 years of updates 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
ppc64le
pcs-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: a490b1097bdb5701190196aca5b6d9adfa136eab39ed0ce8a1499b0c19172701
pcs-snmp-0.11.1-10.el9_0.1.ppc64le.rpm
SHA-256: 250fb8778c2ef1b6b98e407062d2891a1f5fb58fba30877f24277b6c9bb400c6
Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.0
SRPM
pcs-0.11.1-10.el9_0.1.src.rpm
SHA-256: f12d788a1fc0533ce3dce0c463b27aebfd458e102fa4c838e4dd0cb61089595c
s390x
pcs-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: 0ec63fa979ab848b1b5381a2d18a1364ae21d08c5b5f512a8e9e4eacb5f9a301
pcs-snmp-0.11.1-10.el9_0.1.s390x.rpm
SHA-256: ebb3260518bfb58ef262cb8b97b750248916c586ac62e688c76931871620a421
Related news
An update is now available for Red Hat Satellite 6.12. The release contains a new version of Satellite and important security fixes for various components.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data * CVE-2021-37137: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way * CVE-2022-22818: django: Possible XSS via '{% debug %}' template tag * CVE-2022-24836: nokogiri: ReDoS in HTML encoding detection * CVE-2022-25648: ruby-git: package vulnerable to Command Injection via git argument injection * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when servin...
Red Hat Security Advisory 2022-4587-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-4661-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files
Red Hat Security Advisory 2022-2253-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-2256-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2022-2255-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.
An update for pcs is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files
An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files
An update for pcs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.