-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: pcs security update Advisory ID: RHSA-2018:1927-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1927 Issue date: 2018-06-19 CVE Names: CVE-2018-1086 ===================================================================== 1. Summary: An update for pcs is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux High Availability (v. 6) - i386, x86_64 Red Hat Enterprise Linux Resilient Storage (v. 6) - i386, x86_64 3. Description: The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fix(es): * pcs: Debug parameter removal bypass, allowing information disclosure (CVE-2018-1086) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. This issue was discovered by Cedric Buissart (Red Hat). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 6.10 Release Notes and Red Hat Enterprise Linux 6.10 Technical Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1557366 - CVE-2018-1086 pcs: Debug parameter removal bypass, allowing information disclosure 6. Package List: Red Hat Enterprise Linux High Availability (v. 6): Source: pcs-0.9.155-3.el6.src.rpm i386: pcs-0.9.155-3.el6.i686.rpm pcs-debuginfo-0.9.155-3.el6.i686.rpm x86_64: pcs-0.9.155-3.el6.x86_64.rpm pcs-debuginfo-0.9.155-3.el6.x86_64.rpm Red Hat Enterprise Linux Resilient Storage (v. 6): Source: pcs-0.9.155-3.el6.src.rpm i386: pcs-0.9.155-3.el6.i686.rpm pcs-debuginfo-0.9.155-3.el6.i686.rpm x86_64: pcs-0.9.155-3.el6.x86_64.rpm pcs-debuginfo-0.9.155-3.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-1086 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_release_notes/index.html https://access.redhat.com/documentation/en-US/red_hat_enterprise_linux/6/html/6.10_technical_notes/index.html 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWyiNG9zjgjWX9erEAQjcTw//asqyV0hkdfW6QqCnqVnZN06hLwgEuqXD sEl1HgiIopVvAAWWAH+Cub5Kk/8nJXVWvQxM6TByZssEwGjbQ8p22Ph1vtOYMqr0 ID0Kg4IqBR5SJe5VCGZBElduBiZdP6hxLNpTg7suaVmlXYSKPNIZr3vmvG1njt0b ZtHmJaahcS+0pQIKEv6W29cYKAMX+mi/RgacPPMggFEz6cgG7IGC45LgyfxtmGNN diKKnmgNkfzn2h4BpovZ+l8MB1mZUz3nI5vYQm5R6IiSoYwPKN3Jb8uHYdDtVPTD mHURWLXwHTC05wh7S+ROk86F0OTJZFZtpIPUX68LrJG9Um7ebAWGz08nOZiFBxao Lw47FLLIigUpiz23QJYIwXaSDAL5eKKLy77elF559sdS/Eqcvn4HyWrqTpD87Nti yoPJEW5f9kQ9fkj/J/rTguFy2q6XJovoj0GoVDHLt71XFFRreFBkVvjpKNRZJ4c8 h0xOTt/7wGx3cj5bYlOHXLzIhvzOAQSK20MPC23o5XqUloHfm2ya1QHaPjR2rM6P AkB7zZcjWIKD6fntXwjqJ4w/ikpTZcQ/iF3RFIM0sJWYvNF79ECv/6zeCKvfrEyH W1JrGY0fpNVSrb7+kgIoOo/zr8MLzvOEiZDQkWIjPp+eJ75M7g59zI36PsD9HLbk VOabtN7bAHU= =X0dL -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce