Issued:: 2023-01-24
Updated:: 2023-01-24

RHSA-2023:0393 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: pcs security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for pcs is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.2 ppc64le
Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.2 x86_64

Fixes

BZ - 2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

CVEs

CVE-2022-45442

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.2

SRPM
pcs-0.10.4-6.el8_2.4.src.rpm	SHA-256: cd227cc1ea56f709f152a8272cce275daa929d2eef2ab8634689727a3b5b42be
ppc64le
pcs-0.10.4-6.el8_2.4.ppc64le.rpm	SHA-256: c08e0cb078af073145b8ae319bf874954192d41d583baf622f78b407a9a71012
pcs-snmp-0.10.4-6.el8_2.4.ppc64le.rpm	SHA-256: 2ffacfa4e9726911d719976fbf6affc6977eef5e31a774b7dfa04fd5104e84de

Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.2

SRPM
pcs-0.10.4-6.el8_2.4.src.rpm	SHA-256: cd227cc1ea56f709f152a8272cce275daa929d2eef2ab8634689727a3b5b42be
x86_64
pcs-0.10.4-6.el8_2.4.x86_64.rpm	SHA-256: 97be237470befe50708be2c0c999665f00b7217fd481a1c6a5fd5ac5af503d61
pcs-snmp-0.10.4-6.el8_2.4.x86_64.rpm	SHA-256: 58347237494eb2885d442be87ee2c6b92d56c052eee7331db26a67567554944f

Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.2

SRPM
pcs-0.10.4-6.el8_2.4.src.rpm	SHA-256: cd227cc1ea56f709f152a8272cce275daa929d2eef2ab8634689727a3b5b42be
x86_64
pcs-0.10.4-6.el8_2.4.x86_64.rpm	SHA-256: 97be237470befe50708be2c0c999665f00b7217fd481a1c6a5fd5ac5af503d61
pcs-snmp-0.10.4-6.el8_2.4.x86_64.rpm	SHA-256: 58347237494eb2885d442be87ee2c6b92d56c052eee7331db26a67567554944f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation