RHSA-2022:4661: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.


Synopsis

Important: pcs security update

Type/Severity

Security Advisory: Important


Topic

An update for pcs is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

  • sinatra: path traversal possible outside of public_dir when serving static files (CVE-2022-29970)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux High Availability for x86_64 8 x86_64
  • Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 8 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux High Availability for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux High Availability for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat Enterprise Linux High Availability for ARM 64 8 aarch64
  • Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.6 x86_64

Fixes

  • BZ - 2081096 - CVE-2022-29970 sinatra: path traversal possible outside of public_dir when serving static files

References

  • https://access.redhat.com/security/updates/classification/#important
  • https://bugzilla.redhat.com/show_bug.cgi?id=2081331

Packages

Every channel listed under Affected Products ships the same build, pcs-0.10.12-6.el8_6.1, as a pcs and a pcs-snmp package; only the architecture differs, and the SRPM is common to all channels. The packages are grouped by architecture below, with the channels that receive each set.

SRPM (all channels)

pcs-0.10.12-6.el8_6.1.src.rpm

SHA-256: b580f25ecf6e3b8104b78b447dd1b7d0652cf72f9d8df314d8d4ccef3b6b6cba

x86_64

Channels:

  • Red Hat Enterprise Linux High Availability for x86_64 8
  • Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.6
  • Red Hat Enterprise Linux Resilient Storage for x86_64 8
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.6
  • Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.6
  • Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.6

pcs-0.10.12-6.el8_6.1.x86_64.rpm

SHA-256: 4f67d2e6ec17425157766a75bfd9768b1cdd372b5a909010e8644224c4ac542f

pcs-snmp-0.10.12-6.el8_6.1.x86_64.rpm

SHA-256: a6ba7b5f2a43623de06bb16f6cf55a4167ccdcc03fb916d72675c274785ee6ca

s390x

Channels:

  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems 8
  • Red Hat Enterprise Linux High Availability for IBM z Systems 8
  • Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.6
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.6

pcs-0.10.12-6.el8_6.1.s390x.rpm

SHA-256: 5fb02446461595a42528eb2fcbd20a75abc91b73d49941f81b35d8290f4c8184

pcs-snmp-0.10.12-6.el8_6.1.s390x.rpm

SHA-256: 94b52875abe44349b226086ed8105d9266c0a7c577eea9c156875db11aae32d1

ppc64le

Channels:

  • Red Hat Enterprise Linux Resilient Storage for Power, little endian 8
  • Red Hat Enterprise Linux Resilient Storage for IBM Power LE - Extended Update Support 8.6
  • Red Hat Enterprise Linux High Availability for Power, little endian 8
  • Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 8.6
  • Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.6

pcs-0.10.12-6.el8_6.1.ppc64le.rpm

SHA-256: d1da6d505c9e6ec0b1865b3c95527ec67f4ab50f5c9743acfe91388b021563b7

pcs-snmp-0.10.12-6.el8_6.1.ppc64le.rpm

SHA-256: 868d3bf01d6938dc8422c6af31e800f0a26469101231a8289fbb3694ac078926

aarch64

Channels:

  • Red Hat Enterprise Linux High Availability for ARM 64 8
  • Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.6

pcs-0.10.12-6.el8_6.1.aarch64.rpm

SHA-256: 9bc73283f2cc553f531a654beb2c389783d58f70b1f8a5d43fd1f80a8bacf3ab

pcs-snmp-0.10.12-6.el8_6.1.aarch64.rpm

SHA-256: a056515f4f095cc3cc81610a22d5a66e195cf6844d40a758251e553ab702b6a2
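The advisory names the fixed build, pcs-0.10.12-6.el8_6.1, and the SHA-256 of every file it ships. The Ruby script below is an added example, not part of the advisory or of pcs: it decides whether an installed pcs or pcs-snmp build is that build or newer by RPM's own ordering rules (a port of rpmvercmp, including the tilde and caret separators), and compares a downloaded file against one of the advisory's SHA-256 values. The rpm query format string used to produce the input lines is an assumption about how you would gather them, and the sample lines themselves are constructed, not captured from a system.

```ruby
require "digest"

# Added example, not part of the advisory: decide whether an installed pcs or
# pcs-snmp build is this advisory's build or newer using RPM's own ordering
# rules, and verify a downloaded package against an advisory SHA-256 value.

# Fixed build from this advisory as [epoch, version, release]. RHEL 8 pcs has
# no epoch; the query below prints 0 for a missing epoch.
FIXED_EVR = ["0", "0.10.12", "6.el8_6.1"].freeze

# Port of rpm's rpmvercmp(): compares two version or release strings segment
# by segment and returns -1, 0 or 1 like the C original.
def rpmvercmp(a, b)
  return 0 if a == b
  one = a.dup
  two = b.dup
  until one.empty? && two.empty?
    # Separators other than ~ and ^ are skipped, never compared.
    one = one.sub(/\A[^0-9A-Za-z~^]+/, "")
    two = two.sub(/\A[^0-9A-Za-z~^]+/, "")
    # Tilde sorts before everything, including end of string (pre-releases).
    if one.start_with?("~") || two.start_with?("~")
      return 1 unless one.start_with?("~")
      return -1 unless two.start_with?("~")
      one = one[1..-1]
      two = two[1..-1]
      next
    end
    # Caret sorts after end of string but before any other segment (snapshots).
    if one.start_with?("^") || two.start_with?("^")
      return -1 if one.empty?
      return 1 if two.empty?
      return 1 unless one.start_with?("^")
      return -1 unless two.start_with?("^")
      one = one[1..-1]
      two = two[1..-1]
      next
    end
    break if one.empty? || two.empty?
    # Take the next all-digit or all-alpha segment from each side.
    if one.match?(/\A\d/)
      seg1 = one[/\A\d+/]
      seg2 = two[/\A\d+/] || ""
      isnum = true
    else
      seg1 = one[/\A[A-Za-z]+/]
      seg2 = two[/\A[A-Za-z]+/] || ""
      isnum = false
    end
    # Mixed segment types: a numeric segment is newer than an alphabetic one.
    if seg2.empty?
      return isnum ? 1 : -1
    end
    if isnum
      # Numeric segments: drop leading zeros, then the longer string is larger.
      s1 = seg1.sub(/\A0+/, "")
      s2 = seg2.sub(/\A0+/, "")
      return 1 if s1.length > s2.length
      return -1 if s1.length < s2.length
      rc = s1 <=> s2
    else
      rc = seg1 <=> seg2
    end
    return rc unless rc.zero?
    one = one[seg1.length..-1]
    two = two[seg2.length..-1]
  end
  return 0 if one.empty? && two.empty?
  one.empty? ? -1 : 1
end

# Compare two [epoch, version, release] triples; -1, 0 or 1.
def evr_cmp(evr_a, evr_b)
  evr_a.zip(evr_b).each do |x, y|
    rc = rpmvercmp(x, y)
    return rc unless rc.zero?
  end
  0
end

# Parse one line produced by this (assumed) invocation:
#   rpm -q --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}\n' pcs pcs-snmp
def parse_rpm_line(line)
  name, epoch, version, release, arch = line.split
  [name, [epoch, version, release], arch]
end

# True when the installed build sorts at or after this advisory's build.
def patched?(line)
  _name, evr, _arch = parse_rpm_line(line)
  evr_cmp(evr, FIXED_EVR) >= 0
end

# Compare a downloaded file with the SHA-256 listed in the advisory.
def checksum_matches?(path, expected_hex)
  Digest::SHA256.file(path).hexdigest.casecmp?(expected_hex)
end

# Constructed sample lines in the query format above (not real output).
SAMPLE_LINES = ["pcs 0 0.10.12 6.el8 x86_64",
                "pcs 0 0.10.12 6.el8_6.1 x86_64",
                "pcs-snmp 0 0.10.12 6.el8_6.1 x86_64"].freeze

SAMPLE_LINES.each { |l| puts "#{patched?(l) ? 'ok    ' : 'UPDATE'} #{l}" } if $PROGRAM_NAME == __FILE__
```

A result of "ok" only means the installed NEVR sorts at or after this advisory's build. Whether a build from another RHEL 8 stream carries the same fix is answered by that stream's own advisory (RHSA-2022:2253, 2255 and 2256 cover 8.2 EUS, 8.1 E4S and 8.4 EUS), not by this comparison.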

Related news

Red Hat Security Advisory 2022-8506-01

Red Hat Security Advisory 2022-8506-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include code execution, cross site scripting, denial of service, remote SQL injection, and traversal vulnerabilities.

RHSA-2022:8506: Red Hat Security Advisory: Satellite 6.12 Release

An update is now available for Red Hat Satellite 6.12. The release contains a new version of Satellite and important security fixes for various components.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-37136: netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
  • CVE-2021-37137: netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
  • CVE-2022-22818: django: Possible XSS via '{% debug %}' template tag
  • CVE-2022-24836: nokogiri: ReDoS in HTML encoding detection
  • CVE-2022-25648: ruby-git: package vulnerable to Command Injection via git argument injection
  • CVE-2022-29970: sinatra: path traversal possible outside of public_dir when servin...

Red Hat Security Advisory 2022-4587-01

Red Hat Security Advisory 2022-4587-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-4661-01

Red Hat Security Advisory 2022-4661-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

RHSA-2022:4587: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files

Red Hat Security Advisory 2022-2253-01

Red Hat Security Advisory 2022-2253-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-2256-01

Red Hat Security Advisory 2022-2256-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

Red Hat Security Advisory 2022-2255-01

Red Hat Security Advisory 2022-2255-01 - The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Issues addressed include a traversal vulnerability.

RHSA-2022:2253: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files

RHSA-2022:2256: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files

RHSA-2022:2255: Red Hat Security Advisory: pcs security update

An update for pcs is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-29970: sinatra: path traversal possible outside of public_dir when serving static files

GHSA-qp49-3pvw-x4m5: sinatra does not validate expanded path matches

Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files.
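The Security Fix entry in the Description above and this GHSA summary describe the same defect: the file path built from public_dir and the request path is expanded, but the expanded result is never checked against public_dir. The Ruby below is an added model of that step, written for this page; it is not Sinatra's code and not pcs's (pcsd, the pcs daemon, bundles Sinatra, which is why a Sinatra CVE is fixed through the pcs package). It places the unchecked resolution next to a hardened one that enforces what the GHSA text asks for: the expanded path must start with the expanded public_dir followed by a slash. The document root, the minimal percent-decoder and the request paths are constructed assumptions, and no file is read; File.expand_path only normalises the string.

```ruby
# Added example, not Sinatra's or pcs's code: a model of static-file path
# resolution, in the form CVE-2022-29970 describes and in a hardened form.

# Assumed document root (constructed; nothing is read from disk).
PUBLIC_DIR = "/srv/pcsd/public"

# Minimal percent-decoding, enough for this model (no "+" handling).
def percent_decode(s)
  s.gsub(/%([0-9A-Fa-f]{2})/) { $1.hex.chr }
end

# Vulnerable pattern: ".." segments survive decoding and are collapsed by
# File.expand_path, so the result can point anywhere on the filesystem.
def resolve_unsafe(public_dir, path_info)
  File.expand_path("#{public_dir}#{percent_decode(path_info)}")
end

# Hardened pattern: the expanded path must begin with the expanded root plus
# a trailing "/". The slash matters: without it a sibling directory that
# merely shares the prefix (public_old) would pass. Returns nil when the
# request must not be served as a static file.
def resolve_safe(public_dir, path_info)
  decoded = percent_decode(path_info)
  return nil if decoded.include?("\0") || !decoded.valid_encoding?
  root = File.expand_path(public_dir)
  path = File.expand_path("#{public_dir}#{decoded}")
  path.start_with?(root + "/") ? path : nil
end

# Constructed request paths as they would arrive in PATH_INFO.
SAMPLE_REQUESTS = ["/css/app.css",
                   "/..%2F..%2F..%2Fetc%2Fpasswd",
                   "/static/../../etc/shadow",
                   "/../public_old/secret.txt",
                   "/"].freeze

if $PROGRAM_NAME == __FILE__
  SAMPLE_REQUESTS.each do |p|
    printf "%-30s unsafe=%-34s safe=%s\n", p,
           resolve_unsafe(PUBLIC_DIR, p), resolve_safe(PUBLIC_DIR, p).inspect
  end
end
```

Only the first request resolves under the root in both variants. The unchecked form hands back /etc/passwd for the percent-encoded traversal and /srv/pcsd/etc/shadow for the plain one; the hardened form returns nil for both, for the prefix-sibling case, and for "/" itself, so the framework falls through to its routes instead of serving a file. Clients are not required to be browsers, and a raw HTTP client can send dot segments encoded or not, so the check belongs where the path is resolved rather than in front of the application.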