- 发布:
- 2025-11-04
- 已更新:
- 2025-11-04
RHSA-2025:19734 - Security Advisory
概述
Important: pcs security update
类型/严重性
Security Advisory: Important
Red Hat Lightspeed patch analysis
识别并修复受此公告影响的系统。
标题
An update for pcs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
描述
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
- rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters (CVE-2025-59830)
- rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion) (CVE-2025-61770)
- rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion) (CVE-2025-61771)
- rack: Rack memory exhaustion denial of service (CVE-2025-61772)
- rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion (CVE-2025-61919)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
解决方案
For details on how to apply this update, which includes the changes described in this advisory, refer to:
受影响的产品
- Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.6 x86_64
- Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support Extension 8.6 x86_64
修复
- BZ - 2398167 - CVE-2025-59830 rubygem-rack: Rack QueryParser has an unsafe default allowing params_limit bypass via semicolon-separated parameters
- BZ - 2402174 - CVE-2025-61770 rack: Rack's unbounded multipart preamble buffering enables DoS (memory exhaustion)
- BZ - 2402175 - CVE-2025-61771 rack: Rack's multipart parser buffers large non?file fields entirely in memory, enabling DoS (memory exhaustion)
- BZ - 2402200 - CVE-2025-61772 rack: Rack memory exhaustion denial of service
- BZ - 2403180 - CVE-2025-61919 rubygem-rack: Unbounded read in `Rack::Request` form parsing can lead to memory exhaustion
Red Hat Enterprise Linux High Availability for Power LE - Update Services for SAP Solutions 8.6
| SRPM | |
|---|---|
| pcs-0.10.12-6.el8_6.10.src.rpm | SHA-256: 2fbb474a30df237af153d8f39ad4c74ee1b27886096b534f97ff755f397b6277 |
| ppc64le | |
| pcs-0.10.12-6.el8_6.10.ppc64le.rpm | SHA-256: aa41597fd567d33bc968f15c6a0f04e77d152ce6f6362b6c399e3c1b957af073 |
| pcs-snmp-0.10.12-6.el8_6.10.ppc64le.rpm | SHA-256: 55c663c951cb154c4f1fe31d464ba08ec2ec31ef61bfdb10173be702c62be6ba |
Red Hat Enterprise Linux High Availability for x86_64 - Update Services for SAP Solutions 8.6
| SRPM | |
|---|---|
| pcs-0.10.12-6.el8_6.10.src.rpm | SHA-256: 2fbb474a30df237af153d8f39ad4c74ee1b27886096b534f97ff755f397b6277 |
| x86_64 | |
| pcs-0.10.12-6.el8_6.10.x86_64.rpm | SHA-256: b25ee1b1542e64dfd6db940060bacbfd313c1553dae15a3113e0eb5801e68063 |
| pcs-snmp-0.10.12-6.el8_6.10.x86_64.rpm | SHA-256: 71a93c817565be12aa67ed8d238721c94ab112d86d1228a06f9acadb5425c7ce |
Red Hat Enterprise Linux High Availability for x86_64 - Telecommunications Update Service 8.6
| SRPM | |
|---|---|
| pcs-0.10.12-6.el8_6.10.src.rpm | SHA-256: 2fbb474a30df237af153d8f39ad4c74ee1b27886096b534f97ff755f397b6277 |
| x86_64 | |
| pcs-0.10.12-6.el8_6.10.x86_64.rpm | SHA-256: b25ee1b1542e64dfd6db940060bacbfd313c1553dae15a3113e0eb5801e68063 |
| pcs-snmp-0.10.12-6.el8_6.10.x86_64.rpm | SHA-256: 71a93c817565be12aa67ed8d238721c94ab112d86d1228a06f9acadb5425c7ce |
Red Hat Enterprise Linux High Availability for x86_64 - Extended Update Support Extension 8.6
| SRPM | |
|---|---|
| pcs-0.10.12-6.el8_6.10.src.rpm | SHA-256: 2fbb474a30df237af153d8f39ad4c74ee1b27886096b534f97ff755f397b6277 |
| x86_64 | |
| pcs-0.10.12-6.el8_6.10.x86_64.rpm | SHA-256: b25ee1b1542e64dfd6db940060bacbfd313c1553dae15a3113e0eb5801e68063 |
| pcs-snmp-0.10.12-6.el8_6.10.x86_64.rpm | SHA-256: 71a93c817565be12aa67ed8d238721c94ab112d86d1228a06f9acadb5425c7ce |
Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/。
