红帽产品勘误 RHSA-2023:0527 - Security Advisory
发布:
2023-01-30
已更新:
2023-01-30

RHSA-2023:0527 - Security Advisory

概述

Moderate: pcs security update

类型/严重性

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for pcs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

  • sinatra: Reflected File Download attack (CVE-2022-45442)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.0 s390x
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.0 x86_64
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian - 4 years of updates 9.0 ppc64le
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.0 s390x

修复

  • BZ - 2153363 - CVE-2022-45442 sinatra: Reflected File Download attack

Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
x86_64
pcs-0.11.1-10.el9_0.3.x86_64.rpm SHA-256: a3ca6cfb41a287be0932fce437f668586dafa0f33bae07323df23d899cd2cb32
pcs-snmp-0.11.1-10.el9_0.3.x86_64.rpm SHA-256: 5a920f05daeb9daae28d37f5060b56057e4e4d56cd7619fd89fbef4f4483f83a

Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
x86_64
pcs-0.11.1-10.el9_0.3.x86_64.rpm SHA-256: a3ca6cfb41a287be0932fce437f668586dafa0f33bae07323df23d899cd2cb32
pcs-snmp-0.11.1-10.el9_0.3.x86_64.rpm SHA-256: 5a920f05daeb9daae28d37f5060b56057e4e4d56cd7619fd89fbef4f4483f83a

Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
ppc64le
pcs-0.11.1-10.el9_0.3.ppc64le.rpm SHA-256: 7e33685fa988b1f50b01837db7ec8fe1b891b9ba8f9817d5d1529c9bb4294841
pcs-snmp-0.11.1-10.el9_0.3.ppc64le.rpm SHA-256: cb6dcc2332491dcdd86c5642bc4cac85860f1fa9c559bdd4b50e255406834b32

Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
ppc64le
pcs-0.11.1-10.el9_0.3.ppc64le.rpm SHA-256: 7e33685fa988b1f50b01837db7ec8fe1b891b9ba8f9817d5d1529c9bb4294841
pcs-snmp-0.11.1-10.el9_0.3.ppc64le.rpm SHA-256: cb6dcc2332491dcdd86c5642bc4cac85860f1fa9c559bdd4b50e255406834b32

Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
ppc64le
pcs-0.11.1-10.el9_0.3.ppc64le.rpm SHA-256: 7e33685fa988b1f50b01837db7ec8fe1b891b9ba8f9817d5d1529c9bb4294841
pcs-snmp-0.11.1-10.el9_0.3.ppc64le.rpm SHA-256: cb6dcc2332491dcdd86c5642bc4cac85860f1fa9c559bdd4b50e255406834b32

Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
x86_64
pcs-0.11.1-10.el9_0.3.x86_64.rpm SHA-256: a3ca6cfb41a287be0932fce437f668586dafa0f33bae07323df23d899cd2cb32
pcs-snmp-0.11.1-10.el9_0.3.x86_64.rpm SHA-256: 5a920f05daeb9daae28d37f5060b56057e4e4d56cd7619fd89fbef4f4483f83a

Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
s390x
pcs-0.11.1-10.el9_0.3.s390x.rpm SHA-256: dec19cace33ac7fe8138f55febeb5ed5c7d0ab279f349f972a235adf088e7292
pcs-snmp-0.11.1-10.el9_0.3.s390x.rpm SHA-256: 11aa2821fd0aa1782374401512c5500fb4c3710241c05454d681091891744ac6

Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
aarch64
pcs-0.11.1-10.el9_0.3.aarch64.rpm SHA-256: 15ce4639d7e0c9517da2708849c5d8859dd969976e046b436f640473cfc952c3
pcs-snmp-0.11.1-10.el9_0.3.aarch64.rpm SHA-256: 6f99f839adc08e66fa57ec1412d6edfb885861c95cf6cb85d7efe45ab846ff9f

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
s390x
pcs-0.11.1-10.el9_0.3.s390x.rpm SHA-256: dec19cace33ac7fe8138f55febeb5ed5c7d0ab279f349f972a235adf088e7292
pcs-snmp-0.11.1-10.el9_0.3.s390x.rpm SHA-256: 11aa2821fd0aa1782374401512c5500fb4c3710241c05454d681091891744ac6

Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
aarch64
pcs-0.11.1-10.el9_0.3.aarch64.rpm SHA-256: 15ce4639d7e0c9517da2708849c5d8859dd969976e046b436f640473cfc952c3
pcs-snmp-0.11.1-10.el9_0.3.aarch64.rpm SHA-256: 6f99f839adc08e66fa57ec1412d6edfb885861c95cf6cb85d7efe45ab846ff9f

Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
s390x
pcs-0.11.1-10.el9_0.3.s390x.rpm SHA-256: dec19cace33ac7fe8138f55febeb5ed5c7d0ab279f349f972a235adf088e7292
pcs-snmp-0.11.1-10.el9_0.3.s390x.rpm SHA-256: 11aa2821fd0aa1782374401512c5500fb4c3710241c05454d681091891744ac6

Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
x86_64
pcs-0.11.1-10.el9_0.3.x86_64.rpm SHA-256: a3ca6cfb41a287be0932fce437f668586dafa0f33bae07323df23d899cd2cb32
pcs-snmp-0.11.1-10.el9_0.3.x86_64.rpm SHA-256: 5a920f05daeb9daae28d37f5060b56057e4e4d56cd7619fd89fbef4f4483f83a

Red Hat Enterprise Linux Resilient Storage for Power, little endian - 4 years of updates 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
ppc64le
pcs-0.11.1-10.el9_0.3.ppc64le.rpm SHA-256: 7e33685fa988b1f50b01837db7ec8fe1b891b9ba8f9817d5d1529c9bb4294841
pcs-snmp-0.11.1-10.el9_0.3.ppc64le.rpm SHA-256: cb6dcc2332491dcdd86c5642bc4cac85860f1fa9c559bdd4b50e255406834b32

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.0

SRPM
pcs-0.11.1-10.el9_0.3.src.rpm SHA-256: 36f2de744646270ba703aa9958e82ea9bba58d459b556686b202c6610ceab618
s390x
pcs-0.11.1-10.el9_0.3.s390x.rpm SHA-256: dec19cace33ac7fe8138f55febeb5ed5c7d0ab279f349f972a235adf088e7292
pcs-snmp-0.11.1-10.el9_0.3.s390x.rpm SHA-256: 11aa2821fd0aa1782374401512c5500fb4c3710241c05454d681091891744ac6

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/