Red Hat Product Errata RHSA-2018:1060 - Security Advisory

Issued:: 2018-04-10
Updated:: 2018-04-10

RHSA-2018:1060 - Security Advisory

Overview
Updated Packages

Synopsis

Important: pcs security update

Type/Severity

Security Advisory: Important

Topic

An update for pcs is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

pcs: Privilege escalation via authorized user malicious REST call (CVE-2018-1079)
pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086)
rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

The CVE-2018-1079 issue was discovered by Ondrej Mular (Red Hat) and the CVE-2018-1086 issue was discovered by Cedric Buissart (Red Hat).

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux High Availability for x86_64 7 x86_64
Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support 7.7 x86_64
Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux Resilient Storage for x86_64 7 x86_64
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support 7.7 x86_64
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux Resilient Storage for IBM z Systems 7 s390x
Red Hat Enterprise Linux High Availability for IBM z Systems 7 s390x
Red Hat Enterprise Linux Resilient Storage for Power, little endian 7 ppc64le
Red Hat Enterprise Linux Resilient Storage (for IBM Power LE) - Extended Update Support 7.7 ppc64le
Red Hat Enterprise Linux Resilient Storage (for IBM Power LE) - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux Resilient Storage (for IBM Power LE) - Extended Update Support 7.5 ppc64le
Red Hat Enterprise Linux High Availability for Power, little endian 7 ppc64le
Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 7.7 ppc64le
Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 7.5 ppc64le
Red Hat Enterprise Linux High Availabilty (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
Red Hat Enterprise Linux High Availabilty (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux High Availability - Update Services for SAP Solutions 7.7 x86_64
Red Hat Enterprise Linux High Availability - Update Services for SAP Solutions 7.6 x86_64

Fixes

BZ - 1534027 - CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb
BZ - 1550243 - CVE-2018-1079 pcs: Privilege escalation via authorized user malicious REST call
BZ - 1557366 - CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux High Availability for x86_64 7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support 7.7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support 7.6

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux High Availability (for RHEL Server) - Extended Update Support 7.5

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux Resilient Storage for x86_64 7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support 7.7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support 7.6

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux Resilient Storage (for RHEL Server) - Extended Update Support 7.5

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux Resilient Storage for IBM z Systems 7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
s390x
pcs-0.9.162-5.el7_5.1.s390x.rpm	SHA-256: 49e133b6ae0f282e744e3aff32f65a5bd143998eb98aa5a6620b1c640fb3d6d2
pcs-debuginfo-0.9.162-5.el7_5.1.s390x.rpm	SHA-256: 35ddd4697f780d7fc237368f5164ad70270a84591f4f8cd8646f4b96ad217ae5
pcs-snmp-0.9.162-5.el7_5.1.s390x.rpm	SHA-256: c572bff4b40cff092c184af45191f96a7dc7e9d58d77ab5612919aa8a1692338

Red Hat Enterprise Linux High Availability for IBM z Systems 7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
s390x
pcs-0.9.162-5.el7_5.1.s390x.rpm	SHA-256: 49e133b6ae0f282e744e3aff32f65a5bd143998eb98aa5a6620b1c640fb3d6d2
pcs-debuginfo-0.9.162-5.el7_5.1.s390x.rpm	SHA-256: 35ddd4697f780d7fc237368f5164ad70270a84591f4f8cd8646f4b96ad217ae5
pcs-snmp-0.9.162-5.el7_5.1.s390x.rpm	SHA-256: c572bff4b40cff092c184af45191f96a7dc7e9d58d77ab5612919aa8a1692338

Red Hat Enterprise Linux Resilient Storage for Power, little endian 7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux Resilient Storage (for IBM Power LE) - Extended Update Support 7.7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux Resilient Storage (for IBM Power LE) - Extended Update Support 7.6

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux Resilient Storage (for IBM Power LE) - Extended Update Support 7.5

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux High Availability for Power, little endian 7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 7.7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 7.6

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux High Availability (for IBM Power LE) - Extended Update Support 7.5

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux High Availabilty (for IBM Power LE) - Update Services for SAP Solutions 7.7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux High Availabilty (for IBM Power LE) - Update Services for SAP Solutions 7.6

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
ppc64le
pcs-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 95fdaeecc7526e7639a684a7edf5c586e55ff379da1d1cac41d877c52abd401c
pcs-debuginfo-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: d55b9609a93f5d863949900631d9d5a499473acb386d523650836abbc63ee171
pcs-snmp-0.9.162-5.el7_5.1.ppc64le.rpm	SHA-256: 659356ff474f2b4445c7b30efeedfa029643d0eb8a377bb2fea5662780239542

Red Hat Enterprise Linux High Availability - Update Services for SAP Solutions 7.7

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

Red Hat Enterprise Linux High Availability - Update Services for SAP Solutions 7.6

SRPM
pcs-0.9.162-5.el7_5.1.src.rpm	SHA-256: 0090721156cb420b67ccd48232fb7677f70f7c3fe92e479b71ad4c8930a5b316
x86_64
pcs-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 1555f9e0fda290e982c7623561a62842dfc6a402c9e276204a7771647d6cc327
pcs-debuginfo-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: 4a9fc7ac430b85b57ce4eeafb70075349383d5cb4caba64c409b2e958c2a6856
pcs-snmp-0.9.162-5.el7_5.1.x86_64.rpm	SHA-256: e14d06f4f285d81ed227fe7ee8d1beb606612ead212a0057d5d75c013df3463a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.