Red Hat Product Errata RHSA-2020:2670 - Security Advisory
Issued:
2020-06-23
Updated:
2020-06-23

RHSA-2020:2670 - Security Advisory

Synopsis

Moderate: pcs security and bug fix update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for pcs is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

  • rubygem-json: Unsafe Object Creation Vulnerability in JSON (CVE-2020-10663)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • [GUI] Colocation constraint can't be added (BZ#1840157)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.1 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.1 x86_64
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 8.1 ppc64le
  • Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 8.1 ppc64le
  • Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.1 x86_64
  • Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.1 s390x
  • Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.1 aarch64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.1 s390x

Fixes

  • BZ - 1827500 - CVE-2020-10663 rubygem-json: Unsafe Object Creation Vulnerability in JSON
  • BZ - 1840157 - [GUI] Colocation constraint can't be added [rhel-8.1.0.z]

Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
x86_64
pcs-0.10.2-4.el8_1.1.x86_64.rpm SHA-256: beaa4cfa1f24f89aca65613ccfc2a170ef7651aa6105726e186ef65ee26b360d
pcs-snmp-0.10.2-4.el8_1.1.x86_64.rpm SHA-256: d1b533ba2248a19dec6ec235922380d3530e52d7b99a5ece5e9c4bc3da03ee7c

Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
x86_64
pcs-0.10.2-4.el8_1.1.x86_64.rpm SHA-256: beaa4cfa1f24f89aca65613ccfc2a170ef7651aa6105726e186ef65ee26b360d
pcs-snmp-0.10.2-4.el8_1.1.x86_64.rpm SHA-256: d1b533ba2248a19dec6ec235922380d3530e52d7b99a5ece5e9c4bc3da03ee7c

Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
ppc64le
pcs-0.10.2-4.el8_1.1.ppc64le.rpm SHA-256: 0524ab1421ffb33e32d5da96b1324996bf50b07afc91ecca16ae533dfbafb774
pcs-snmp-0.10.2-4.el8_1.1.ppc64le.rpm SHA-256: 2c595a51da733398c35f2f1a2bf56951b3160a9075119a24638d6e79f0a85d86

Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
ppc64le
pcs-0.10.2-4.el8_1.1.ppc64le.rpm SHA-256: 0524ab1421ffb33e32d5da96b1324996bf50b07afc91ecca16ae533dfbafb774
pcs-snmp-0.10.2-4.el8_1.1.ppc64le.rpm SHA-256: 2c595a51da733398c35f2f1a2bf56951b3160a9075119a24638d6e79f0a85d86

Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
ppc64le
pcs-0.10.2-4.el8_1.1.ppc64le.rpm SHA-256: 0524ab1421ffb33e32d5da96b1324996bf50b07afc91ecca16ae533dfbafb774
pcs-snmp-0.10.2-4.el8_1.1.ppc64le.rpm SHA-256: 2c595a51da733398c35f2f1a2bf56951b3160a9075119a24638d6e79f0a85d86

Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
x86_64
pcs-0.10.2-4.el8_1.1.x86_64.rpm SHA-256: beaa4cfa1f24f89aca65613ccfc2a170ef7651aa6105726e186ef65ee26b360d
pcs-snmp-0.10.2-4.el8_1.1.x86_64.rpm SHA-256: d1b533ba2248a19dec6ec235922380d3530e52d7b99a5ece5e9c4bc3da03ee7c

Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
s390x
pcs-0.10.2-4.el8_1.1.s390x.rpm SHA-256: 23bb94755f7fcd80d4dfeaa0dfe902eae10a62327c99d6f784e6dfc568eb605f
pcs-snmp-0.10.2-4.el8_1.1.s390x.rpm SHA-256: f9bb08c29f02e66fdff2a0adb3558f2d1de76a1d7f82ce74558ffc8a4bee7a78

Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
aarch64
pcs-0.10.2-4.el8_1.1.aarch64.rpm SHA-256: d95d13d8622fad9dc3b39dc68bdf09bacef4a340072ad7b41965e365ab22c37e
pcs-snmp-0.10.2-4.el8_1.1.aarch64.rpm SHA-256: 77fcf07372e63b497065d507673e36537b02a9b6b21de0d1d4ab14416d9727b0

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 8.1

SRPM
pcs-0.10.2-4.el8_1.1.src.rpm SHA-256: ea7894d0563a97bad45b01a58e1d27985daf7e3a6b1ac40f745297eca0b161da
s390x
pcs-0.10.2-4.el8_1.1.s390x.rpm SHA-256: 23bb94755f7fcd80d4dfeaa0dfe902eae10a62327c99d6f784e6dfc568eb605f
pcs-snmp-0.10.2-4.el8_1.1.s390x.rpm SHA-256: f9bb08c29f02e66fdff2a0adb3558f2d1de76a1d7f82ce74558ffc8a4bee7a78

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.