Red Hat Product Errata RHSA-2024:1846 - Security Advisory
Issued:
2024-04-16
Updated:
2024-04-16

RHSA-2024:1846 - Security Advisory

Synopsis

Moderate: pcs security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for pcs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.

Security Fix(es):

  • rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing (CVE-2024-25126)
  • rubygem-rack: Possible DoS Vulnerability with Range Header in Rack (CVE-2024-26141)
  • rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing (CVE-2024-26146)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.2 x86_64
  • Red Hat Enterprise Linux Resilient Storage for Power, little endian - 4 years of updates 9.2 ppc64le
  • Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.2 s390x
  • Red Hat Enterprise Linux High Availability for x86_64 - Advanced Update Support 9.2 x86_64

Fixes

  • BZ - 2265593 - CVE-2024-25126 rubygem-rack: Denial of Service Vulnerability in Rack Content-Type Parsing
  • BZ - 2265594 - CVE-2024-26141 rubygem-rack: Possible DoS Vulnerability with Range Header in Rack
  • BZ - 2265595 - CVE-2024-26146 rubygem-rack: Possible Denial of Service Vulnerability in Rack Header Parsing

Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
x86_64
pcs-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: e78452749733c1a1ee4099c76abe6ecc46f9fd6b204a77829349cd52f91031fc
pcs-snmp-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: 61e17a1abc72283b2b80e6187e6e18e6d6ddf448b0a25bbba7641a9dfad429f1

Red Hat Enterprise Linux Resilient Storage for x86_64 - Extended Update Support 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
x86_64
pcs-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: e78452749733c1a1ee4099c76abe6ecc46f9fd6b204a77829349cd52f91031fc
pcs-snmp-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: 61e17a1abc72283b2b80e6187e6e18e6d6ddf448b0a25bbba7641a9dfad429f1

Red Hat Enterprise Linux Resilient Storage for Power, little endian - Extended Update Support 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
ppc64le
pcs-0.11.4-7.el9_2.1.ppc64le.rpm SHA-256: 96d6fa12024f5c59e8f36dab08fafc5b21d9e28442da87bbc4f0b93f88a93561
pcs-snmp-0.11.4-7.el9_2.1.ppc64le.rpm SHA-256: c27b7ff6b7f635094a79f5a83c48db785f2893b842b3b2064fc2ef5bcd5755d5

Red Hat Enterprise Linux High Availability for Power, little endian - Extended Update Support 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
ppc64le
pcs-0.11.4-7.el9_2.1.ppc64le.rpm SHA-256: 96d6fa12024f5c59e8f36dab08fafc5b21d9e28442da87bbc4f0b93f88a93561
pcs-snmp-0.11.4-7.el9_2.1.ppc64le.rpm SHA-256: c27b7ff6b7f635094a79f5a83c48db785f2893b842b3b2064fc2ef5bcd5755d5

Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
ppc64le
pcs-0.11.4-7.el9_2.1.ppc64le.rpm SHA-256: 96d6fa12024f5c59e8f36dab08fafc5b21d9e28442da87bbc4f0b93f88a93561
pcs-snmp-0.11.4-7.el9_2.1.ppc64le.rpm SHA-256: c27b7ff6b7f635094a79f5a83c48db785f2893b842b3b2064fc2ef5bcd5755d5

Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
x86_64
pcs-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: e78452749733c1a1ee4099c76abe6ecc46f9fd6b204a77829349cd52f91031fc
pcs-snmp-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: 61e17a1abc72283b2b80e6187e6e18e6d6ddf448b0a25bbba7641a9dfad429f1

Red Hat Enterprise Linux High Availability (for IBM z Systems) - Extended Update Support 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
s390x
pcs-0.11.4-7.el9_2.1.s390x.rpm SHA-256: cbb27a2c43b14a98bb8cb0dc2b66bd58547f72e2988581a3a3200cb439e5a2e4
pcs-snmp-0.11.4-7.el9_2.1.s390x.rpm SHA-256: 24c517299ade2cb01fca7a511e9f33136dca8846cd8e520d5260aba265b1a2a2

Red Hat Enterprise Linux High Availability (for ARM 64) - Extended Update Support 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
aarch64
pcs-0.11.4-7.el9_2.1.aarch64.rpm SHA-256: f7d39661c5b7ccad2c13736fee4e4092fab072b899cb360b92f3d5dac5259df5
pcs-snmp-0.11.4-7.el9_2.1.aarch64.rpm SHA-256: b0ee7cdc4efabd00e1f758ba164fbb0c9529777622eacc3e31e9117dd25c0e38

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - Extended Update Support 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
s390x
pcs-0.11.4-7.el9_2.1.s390x.rpm SHA-256: cbb27a2c43b14a98bb8cb0dc2b66bd58547f72e2988581a3a3200cb439e5a2e4
pcs-snmp-0.11.4-7.el9_2.1.s390x.rpm SHA-256: 24c517299ade2cb01fca7a511e9f33136dca8846cd8e520d5260aba265b1a2a2

Red Hat Enterprise Linux High Availability for ARM 64 - 4 years of updates 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
aarch64
pcs-0.11.4-7.el9_2.1.aarch64.rpm SHA-256: f7d39661c5b7ccad2c13736fee4e4092fab072b899cb360b92f3d5dac5259df5
pcs-snmp-0.11.4-7.el9_2.1.aarch64.rpm SHA-256: b0ee7cdc4efabd00e1f758ba164fbb0c9529777622eacc3e31e9117dd25c0e38

Red Hat Enterprise Linux High Availability for IBM z Systems - 4 years of updates 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
s390x
pcs-0.11.4-7.el9_2.1.s390x.rpm SHA-256: cbb27a2c43b14a98bb8cb0dc2b66bd58547f72e2988581a3a3200cb439e5a2e4
pcs-snmp-0.11.4-7.el9_2.1.s390x.rpm SHA-256: 24c517299ade2cb01fca7a511e9f33136dca8846cd8e520d5260aba265b1a2a2

Red Hat Enterprise Linux Resilient Storage for x86_64 - 4 years of updates 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
x86_64
pcs-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: e78452749733c1a1ee4099c76abe6ecc46f9fd6b204a77829349cd52f91031fc
pcs-snmp-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: 61e17a1abc72283b2b80e6187e6e18e6d6ddf448b0a25bbba7641a9dfad429f1

Red Hat Enterprise Linux Resilient Storage for Power, little endian - 4 years of updates 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
ppc64le
pcs-0.11.4-7.el9_2.1.ppc64le.rpm SHA-256: 96d6fa12024f5c59e8f36dab08fafc5b21d9e28442da87bbc4f0b93f88a93561
pcs-snmp-0.11.4-7.el9_2.1.ppc64le.rpm SHA-256: c27b7ff6b7f635094a79f5a83c48db785f2893b842b3b2064fc2ef5bcd5755d5

Red Hat Enterprise Linux Resilient Storage for IBM z Systems - 4 years of updates 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
s390x
pcs-0.11.4-7.el9_2.1.s390x.rpm SHA-256: cbb27a2c43b14a98bb8cb0dc2b66bd58547f72e2988581a3a3200cb439e5a2e4
pcs-snmp-0.11.4-7.el9_2.1.s390x.rpm SHA-256: 24c517299ade2cb01fca7a511e9f33136dca8846cd8e520d5260aba265b1a2a2

Red Hat Enterprise Linux High Availability for x86_64 - Advanced Update Support 9.2

SRPM
pcs-0.11.4-7.el9_2.1.src.rpm SHA-256: f94227d7af8897cb434bbad19e56854dddac11874a8e3a256d9967e0d051958f
x86_64
pcs-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: e78452749733c1a1ee4099c76abe6ecc46f9fd6b204a77829349cd52f91031fc
pcs-snmp-0.11.4-7.el9_2.1.x86_64.rpm SHA-256: 61e17a1abc72283b2b80e6187e6e18e6d6ddf448b0a25bbba7641a9dfad429f1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.